Snort mailing list archives

RE: Silcondefense.com Snort_1.8.b77_MSSQL_Binary

From: "Burleson, Lee (IA)" <Lee.Burleson () ia ngb army mil>
Date: Fri, 14 Sep 2001 14:30:26 -0500

People that are logging to MSSQL: what are you using to view the alerts?

- Lee

-----Original Message-----
From: Chris Reid [mailto:Chris.Reid () CodeCraftConsultants com]
Sent: Thursday, September 06, 2001 14:11
To: drew600_1999 () yahoo com; Snort Users List (E-mail)
Subject: Re: [Snort-users] Silcondefense.com Snort_1.8.b77_MSSQL_Binary

Stephen,

I was the one who wrote the support for SQL Server in Snort.  For
clarification, no it does not use ODBC.  Rather, it uses SQL Server's
"DBLIB".  To get the TSQL script for creating tables/indexes, you will need
to download the Snort source code.  In there, you can find the TSQL script
in the "contrib" directory (it's a file called "create_mssql").  To enable
logging to the SQL Server database, there should be an example in the
"snort.conf" file.

To install Snort (with SQL Server support) on a Win32 machine, it is
reasonably comparable to installing Snort with support for MySQL, while
remembering to make any reasonable replacements of "MySQL" with "SQL
Server".  The instructions can be found here:

    http://www.snort.org/docs/acid-win32.html

Chris Reid

----- Original Message ----- 
From: Stephen Shepherd 
To: Snort Users List (E-mail) 
Sent: Thursday, September 06, 2001 10:44
Subject: [Snort-users] Silcondefense.com Snort_1.8.b77_MSSQL_Binary

I discovered this file out on the SD website.  It looks as if they have
compiled Snort with support for Microsoft SQL Server.  I imagine this is via
ODBC but I am looking for some more info.  I will try to contact them as
well, but I thought I would post here and see if anyone would chime in.  I
plan on playing with this today but I thought I would ask if anyone has TSQL
scripts for table creation.  If not I will see what I can do with the MySql
setup script.  If I am successful I will post the TSQL up for anyone that is
interested.

Thanks...

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Silcondefense.com Snort_1.8.b77_MSSQL_Binary Stephen Shepherd (Sep 06)
- Re: Silcondefense.com Snort_1.8.b77_MSSQL_Binary Chris Reid (Sep 06)
- <Possible follow-ups>
- RE: Silcondefense.com Snort_1.8.b77_MSSQL_Binary Stephen Shepherd (Sep 06)
- RE: Silcondefense.com Snort_1.8.b77_MSSQL_Binary Burleson, Lee (IA) (Sep 14)
- Silcondefense.com Snort_1.8.b77_MSSQL_Binary Stephen Shepherd (Sep 17)
  - RE: Silcondefense.com Snort_1.8.b77_MSSQL_Binary John Berkers (Sep 18)
- Re: Silcondefense.com Snort_1.8.b77_MSSQL_Binary Wayne T Work (Sep 17)
- RE: Silcondefense.com Snort_1.8.b77_MSSQL_Binary Stephen Shepherd (Sep 18)