Snort mailing list archives
Snort-inline
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Mon, 28 Apr 2003 10:54:11 -0600
For those out there wishing to use snort-inline with mysql...have figured out how to get it working Must have's: snort-2.0.0 snort-inline (any version 1.91 or higher) mysql apache + php acid + phplot + adodb + jpgraph Here is what I did to make things work. First configure regular snort as "./configure --with-mysql" and then "make" and "make install" next configure snort-inline as "./configure --enable-inline --with-mysql" and "make" and "make install". The rest of the apache + php + acid + phplot + adodb + jpgraph etc....all those things everyone knows that stuff. Use the doc on snort.org to configure iptables and ip_queue etc.... the key here is that regular snort MUST be configured --with-mysql. Afterall, snort-inline is using the snort.conf file. so configure the snort.conf file just like you were setting it up for snort + acid + mysql. With that done, I am getting all attempted scans and exploits dropped and they are showing up in the mysql database and on the ACID console. That's all folks
Current thread:
- Snort-inline Slighter, Tim (Apr 28)