Re: Creating a PostgreSQL database for snort on Debian system

[waldo kitty <wkitty42 () windstream net>]

On 1/21/2013 17:18, giulia603 () virgilio it wrote:
> I was following the guide on this link:
>
> http://raidersec.blogspot.it/2012/03/how-to-setup-and-configure-snort-for.html
>
> but when I run this command
>
> $ zcat /usr/share/doc/snort-pgsql/create_postgresql.gz | psql snort
>
> I'm getting an error: seems he don't recognize the package "create ".
> Moreover I don't have the ~$ sudo nano /etc/snort/database.conf file.
>
> I've looked a lot around the web about this problem but i'm still in trouble.
> Is the guide that i'm using out of date?
> What am I doing wrong?

is that guide using barnyard2 for the database populating? if not, then it is 
likely out of date... snort doesn't talk to databases directly any more... it 
needs to spend time sniffing the data stream and posting alerts to the alert 
files... barnyard2 will then read those alert files and properly add the alerts 
to the database being used...

by using this method, if the database cannot be contacted for some reason, snort 
can keep on doing its job instead of not sniffing while waiting on the database...

------------------------------------------------------------------------------
Master SQL Server Development, Administration, T-SQL, SSAS, SSIS, SSRS
and more. Get SQL Server skills now (including 2012) with LearnDevNow -
200+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only - learn more at:
http://p.sf.net/sfu/learnmore_122512
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!