Snort mailing list archives
Re: remote snort sensor
From: Xavier Cabrera <xavierc () devilcrack org>
Date: Wed, 04 May 2005 15:11:02 -0500
Compile your snort with MySQL support just like before, even if your remote machine does not run the database.
Later you can send these alerts to the correct database by configuring it in the snort.conf or with barnyard.
In the snort.conf:
output database: log, mysql, user=snort password=test dbname=snort host=172.15.2.1 sensor_name=snort1_remote
(where 172.15.2.1 is the MySQL server)
or with barnyard + ACID:
# acid_db
#-------------------------------
# Available as both a log and alert output plugin. Used to output data into
# the db schema used by ACID
# Arguments:
#   $db_flavor - what flavor of database (ie, mysql)
#   sensor_id $sensor_id - integer sensor id to insert data as
#   database $database - name of the database
#   server $server - server the database is located on
#   user $user - username to connect to the database as
#   password $password - password for database authentication
output alert_acid_db: mysql, sensor_id snort1remote.mycompany.net, database snort, server ids.mycompany.net, user snort, password yourpassword
output log_acid_db: mysql, database snort, server ids.mycompany.net, user snort, password yourpassword, detail full
where 'server ids.mycompany.net' is the name resolution for your MySQL server
I hope this can help you.
Regards,
Xavier C.

Raynaud, Francois wrote:
Hi All,

My existing architecture is as follows:
- Mysql database
- Apache with PHP to run BASE
- one snort sensor

This is all working perfectly, no problem. Following this installation I started building a remote snort sensor with mysql support. I have installed the shared compatible libraries for Mysql and built snort with the --with-mysql switch. The problem occurs when I try to start snort with the following command:

snort -c /etc/snort/snort-2.3.3/etc/snort.conf -l /var/log/snort

The system comes back with this error:

database : 'mysql' support is not compiled into this build of snort.

Could anybody give me some pointers on where to look?

Cheers,
*Francois Raynaud*
Senior Network Security specialist
International Security Group
Sametime: francois.raynaud
Vnet: 419 6041
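
Added example, not part of the original messages or of Snort itself: a small checker that parses `output database:` directives like the one above and reports what a sensor logging to a database on another host is missing. The sample configuration text is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: the directive from the message plus one incomplete line.
SAMPLE_CONF = """\
# snort.conf on the remote sensor (constructed sample)
var HOME_NET any
output database: log, mysql, user=snort password=test dbname=snort host=172.15.2.1 sensor_name=snort1_remote
output database: alert, mysql, user=snort dbname=snort
"""

# Commented-out directives do not match because '#' is not whitespace.
DIRECTIVE = re.compile(r"^\s*output\s+database:\s*(.+)$")

def parse_database_outputs(conf_text):
    """Return one dict per 'output database:' line: facility, db_type, params."""
    outputs = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        # Format: <log|alert>, <db type>, <space-separated key=value list>
        fields = [f.strip() for f in m.group(1).split(",", 2)]
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected '<log|alert>, <db type>, <params>'")
        params = dict(p.split("=", 1) for p in fields[2].split() if "=" in p)
        outputs.append({"line": lineno, "facility": fields[0],
                        "db_type": fields[1], "params": params})
    return outputs

def check_remote_sensor(output):
    """List what is missing for a sensor that logs to a database on another host."""
    p, problems = output["params"], []
    for key in ("user", "dbname"):
        if key not in p:
            problems.append(f"missing {key}")
    if p.get("host", "localhost") in ("localhost", "127.0.0.1"):
        problems.append("host is unset or local; alerts will not reach a remote server")
    if "sensor_name" not in p:
        problems.append("no sensor_name; Snort will generate one automatically")
    return problems

if __name__ == "__main__":
    for out in parse_database_outputs(SAMPLE_CONF):
        print(out["line"], out["facility"], out["db_type"],
              check_remote_sensor(out) or "ok")
```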