Snort mailing list archives

Snort-inline


From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Mon, 28 Apr 2003 10:54:11 -0600

For those out there wishing to use snort-inline with mysql... I have figured
out how to get it working.


Must-haves:

snort-2.0.0
snort-inline (any version 1.91 or higher)
mysql
apache + php
acid + phplot + adodb + jpgraph


Here is what I did to make things work.

First, configure regular snort as "./configure --with-mysql" and then "make"
and "make install".

Next, configure snort-inline as "./configure --enable-inline --with-mysql"
and "make" and "make install".

As for the rest of the apache + php + acid + phplot + adodb + jpgraph etc.,
everyone knows that stuff.  Use the doc on snort.org to
configure iptables, ip_queue, etc.

The key here is that regular snort MUST be configured --with-mysql.
After all, snort-inline is using the snort.conf file, so configure the
snort.conf file just like you were setting it up for snort + acid + mysql.
With that done, I am getting all attempted scans and exploits dropped and
they are showing up in the mysql database and on the ACID console.

That's all folks
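
A pre-flight check for the two things the message above depends on (a binary built `--with-mysql` and a snort.conf with the database output enabled), as an added example that is not part of the original post. The function names `has_mysql_output`, `linked_with_mysql` and `preflight` are hypothetical, and the binary and config paths are whatever your install uses.

```shell
#!/bin/sh
# Added example: checks to run before starting snort-inline with MySQL logging.

# Return 0 if the config has an active (uncommented) database output
# directive that targets mysql, for example:
#   output database: log, mysql, user=... password=... dbname=... host=...
# Return 1 if no such line exists, 2 if the file cannot be read.
has_mysql_output() {
    conf="$1"
    [ -r "$conf" ] || return 2
    # Drop everything after '#' so commented-out directives do not match.
    sed 's/#.*$//' "$conf" |
        grep -Eiq '^[[:space:]]*output[[:space:]]+database:[[:space:]]*(log|alert)[[:space:]]*,[[:space:]]*mysql([[:space:]]|,|$)'
}

# Return 0 if the binary is dynamically linked against the MySQL client
# library. Assumption: a statically linked build would not show up here.
linked_with_mysql() {
    bin="$1"
    [ -x "$bin" ] || return 2
    ldd "$bin" 2>/dev/null | grep -q 'libmysqlclient'
}

# Run both checks and report; returns non-zero if either one fails.
preflight() {
    bin="$1"; conf="$2"; rc=0
    linked_with_mysql "$bin" ||
        { echo "FAIL: $bin not linked with libmysqlclient (rebuild --with-mysql)"; rc=1; }
    has_mysql_output "$conf" ||
        { echo "FAIL: no active 'output database: ..., mysql' line in $conf"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $bin and $conf are ready for MySQL logging"
    return "$rc"
}

# Usage: sh preflight.sh <path-to-snort-inline-binary> <path-to-snort.conf>
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```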
