CHAPTER 2
Installing Snort and Getting Started

A Snort installation may consist of only a working Snort daemon or
of a complete Snort system with many other tools. If you install
only Snort, you can capture intrusion data in text or binary files and then
view these files later on with the help of a text editor or some other tool
like Barnyard, which will be explained later in this book. With this simple
installation you can also send alert data to an SNMP manager, like HP
OpenView or OpenNMS, in the form of SNMP traps. Alert data can also
be sent to a Microsoft Windows machine in the form of SMB pop-up
windows. However, if you install other tools, you can perform more
sophisticated operations on the intrusion data, such as logging Snort data to a
database and analyzing it through a web interface. Using the web
interface, you can view all alerts generated by Snort. The analysis tools allow
you to make sense of the captured data instead of spending lots of time
with Snort log files.

Other tools that can be used with Snort are listed below. Each of them has
a specific task. A comprehensive working Snort system utilizes these
tools to provide a web-based user interface with a backend database.

• MySQL is used with Snort to log alert data. Other databases like
  Oracle can also be used, but MySQL is the most popular database with
  Snort. In fact, any ODBC-compliant database can be used with Snort.