Snort mailing list archives
Re: Setting up Snort
From: Ueli Kistler <iuk () gmx ch>
Date: Tue, 10 Dec 2002 15:39:59 +0100
hello

This is a short description of how to install ACID on a working apache server with running PHP and using IDScenter to monitor the whole thing.

- make sure apache is running correctly with working php (check apache.org for documentation if you have got problems, or want to use http authentication for example)
- install required PHP libs (see www.cert.org/kb/acid).. means ADODB, JPGraph
  -> ADODB: http://php.weblogs.com/adodb, JPGraph: http://www.aditus.nu/jpgraph/
- install ACID in your htdocs folder
- edit acid_conf.php file: make sure you set the right mysql database server and port as well as a correct username and user
  -> open command prompt: start mysql command line program from your directory (C:\mysql\bin for example)
     create the database & exit: CREATE DATABASE snort; exit;
     copy the file "create_mysql" from your "contrib" subfolder in Snort folder to your "mysql\bin" folder
     initialize the table: type "mysql -u snort snort < create_mysql" and give access to it (GRANT INSERT, etc.. to snort@localhost identified by "your pass"; )
  -> see http://www.silicondefense.com/techsupport/winsnortacid-apache_1.8.7.htm

If you use IDScenter (www.packx.net):

- setup a database output plugin (IDS rules -> Output plugins -> Add -> Database alert plugin)
- type the required options (host, database name (snort), username (snort), password, encoding)
- Add it to the list
- Go to panel "Alerts" -> click on "Alert detection" -> deactivate file monitoring and activate MySQL alert monitoring, specify the options (host, password, database name, etc)
- Click on Apply
  -> Activate support for ACID viewer: Go to "General" -> "Main configuration" -> Log viewer -> "Explorer URL" -> set http://localhost/Acid (or the URL of ACID on your webserver)

Done. Now you've got a running Snort-MySQL-AMP-Acid environment and IDScenter will inform you about the last attack as soon as it occurs.

To activate e-mail notification you still have to use file logging (and activate file monitoring!) though. If you have a Wireless LAN and a laptop with IDScenter you also will be always up2date about latest attacks, as long as IDScenter has access to the database server for example. Multiple Snort sensors logging to your MySQL database can now be handled easily too.

Regards,
Eclipse
eclipse () packx net
www.packx.net

Salloum, Camile wrote:
Hi. I am in the process of setting up Snort using mysql version 1.2. I am using windows2000 professional. I have created the snort database and ran the command from the dos prompt to execute snort.exe - l and rules -o. It seems like it runs fine, but I can't access the acid page in my web browser. Http://127.0.0.1 returns an error page message. I have my snort set up in the D drive, php set up in my c drive and copied the acid folder to inetpub/wwwroot, but still am having no luck. I tried to run the CIS scanner on my local host and received no stats via acid. Any suggestions? Thanks.

Cam Salloum

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
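The database steps from the reply above, written out as a script with separate least-privilege accounts for the sensor and for the ACID web front end. This is an added example, not part of the original message: the `acid` account name, the passwords and the exact privilege lists are assumptions (the message only says "GRANT INSERT, etc.."), and the syntax is for current MySQL releases rather than the 2002 server.

```sql
-- Added example: run as a MySQL administrative user from the mysql client.
-- Passwords are constructed placeholders; replace them before use.

CREATE DATABASE snort;

-- Sensor account named in the message (snort@localhost).
-- Assumption: the Snort database output plugin only inserts events and
-- reads back ids, so INSERT and SELECT are granted and nothing else.
CREATE USER 'snort'@'localhost' IDENTIFIED BY 'CHANGE_ME_sensor';
GRANT INSERT, SELECT ON snort.* TO 'snort'@'localhost';

-- Hypothetical separate account for ACID (set in acid_conf.php), so a
-- compromise of the PHP front end does not expose the sensor credentials.
-- Assumption: ACID reads, annotates and deletes alerts, and creates its
-- own tables the first time its setup page is opened.
CREATE USER 'acid'@'localhost' IDENTIFIED BY 'CHANGE_ME_console';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON snort.* TO 'acid'@'localhost';

-- Load the schema from the operating system shell as the administrative
-- user, because the sensor account above cannot create tables:
--   mysql -u root -p snort < create_mysql

-- After ACID has created its tables, drop the privilege it no longer needs.
REVOKE CREATE ON snort.* FROM 'acid'@'localhost';

-- Checks: both accounts should list only privileges on snort.*, and the
-- schema tables from create_mysql should be present.
SHOW GRANTS FOR 'snort'@'localhost';
SHOW GRANTS FOR 'acid'@'localhost';
SHOW TABLES FROM snort;
```

If the sensor or ACID reports a permission error, add only the privilege named in the error rather than granting ALL on the database.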
Current thread:
- Setting up Snort Salloum, Camile (Dec 10)
- Re: Setting up Snort Ueli Kistler (Dec 10)