Snort Installation Scenarios
In a production installation, you also need to implement startup and shutdown
procedures so that Snort automatically starts at boot time. If you are installing a
precompiled version for Linux, the installation procedure with RPM will take care of it. On
Microsoft Windows systems, you can start Snort as a service or put a batch file in the
startup group. Issues related to Microsoft Windows are covered in Chapter 8. Logging
is done in text or binary files, and tools like SnortSnarf can be used to analyze the data.
SnortSnarf is discussed in detail in Chapter 6.
2.1.3 Single Sensor with Network Management System Integration
In a production system, you can configure Snort to send traps to a network
management system. There are a variety of network management systems used in the
enterprise. The most popular commercial systems are from Hewlett Packard, IBM and
Computer Associates.
Snort integration into these network management systems is done through the use
of SNMP traps. When you go through the compilation process of Snort later in this
chapter, you will learn how to build SNMP capability into Snort. Chapter 4 provides more
information about configuring SNMP trap destinations, community names and so on.
2.1.4 Single Sensor with Database and Web Interface
The most common use of Snort should be with integration to a database. The
database is used to log Snort data, where it can be viewed and analyzed later on using a
web-based interface. A typical setup of this type consists of three basic components:
1. Snort sensor
2. A database server
3. A web server
Snort logs data into the database. You can view the data using a web browser
connected to the sensor. This scheme is shown in Figure 1-1 in Chapter 1. All three
components can be present on the same system, as shown in Figure 1-2 in Chapter 1.
Different types of database servers like MySQL, PostgreSQL, Oracle, Microsoft
SQL Server and other ODBC-compliant databases can be used with Snort. PHP is used
to get data from the database and to generate web pages.
This setup provides a very good and comprehensive IDS which is easy to manage
and user-friendly. You have to provide a user name, password, database name and
database server address to Snort to enable it to log to the database. In a single sensor
scheme where the database is running on the sensor itself, you can use localhost as





