150
Chapter 4     Plugins, Preprocessors and Output Modules
The plus and hyphen characters can be clicked anywhere in the XML document to hide or reveal the details of a particular section. For more information on XML, consult any of the available texts or go to the XML web site at http://www.xml.org.
4.2.7 Logging to Databases
Databases are used with Snort to store log and alert data. Logging data to files on disk is fine for smaller installations. However, keeping log data in disk files is not appropriate when you have multiple Snort sensors or you want to keep historical data as well. Databases also allow you to analyze the data generated by Snort sensors. For example, if you want to find the 15 alerts that are generated most frequently, you can use SQL statements against the database; finding the same information in log files is difficult. Similarly, if you want to find the most active attackers in the month of November 2002, it is very easy to get that information from a database.
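The two queries just mentioned, the most frequent alerts and the most active source addresses in a given month, run against a small in-memory database. This is an added example and not code from the chapter or from the Snort project: the three tables are a simplified model of the event, signature and iphdr tables of the classic Snort schema (column names are an assumption here, and addresses are kept as text rather than the integers Snort stores), and the alert rows are constructed sample data.

```python
import sqlite3

# Constructed sample alerts (not real traffic), laid out the way the database
# output module records an event: sensor id, per-sensor event id, signature
# name, source and destination address, timestamp.
SAMPLE_ALERTS = [
    (1, 1, "ICMP PING NMAP",         "10.0.0.5",   "192.168.1.1",  "2002-11-03 08:12:44"),
    (1, 2, "ICMP PING NMAP",         "10.0.0.5",   "192.168.1.2",  "2002-11-03 08:12:45"),
    (1, 3, "WEB-IIS cmd.exe access", "10.0.0.9",   "192.168.1.10", "2002-11-04 13:02:10"),
    (1, 4, "ICMP PING NMAP",         "10.0.0.5",   "192.168.1.3",  "2002-11-10 09:40:01"),
    (1, 5, "SCAN SYN FIN",           "172.16.4.2", "192.168.1.1",  "2002-11-12 22:15:33"),
    (1, 6, "WEB-IIS cmd.exe access", "10.0.0.9",   "192.168.1.10", "2002-11-20 13:05:59"),
    (1, 7, "SCAN SYN FIN",           "172.16.4.2", "192.168.1.5",  "2002-12-01 02:00:12"),
    (1, 8, "SCAN SYN FIN",           "172.16.4.2", "192.168.1.6",  "2002-12-02 02:00:13"),
    (1, 9, "ICMP PING NMAP",         "10.0.0.5",   "192.168.1.4",  "2002-11-25 09:41:07"),
    (2, 1, "ICMP PING NMAP",         "10.0.0.5",   "192.168.2.1",  "2002-11-15 17:30:00"),
    (2, 2, "SCAN SYN FIN",           "172.16.4.2", "192.168.2.2",  "2002-10-30 23:59:58"),
]


def build_database():
    """Create an in-memory SQLite database modelled loosely on the Snort schema
    (table and column names are an assumption) and load the sample alerts."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE signature (
            sig_id   INTEGER PRIMARY KEY,
            sig_name TEXT NOT NULL UNIQUE
        );
        CREATE TABLE event (
            sid       INTEGER NOT NULL,   -- sensor id
            cid       INTEGER NOT NULL,   -- event id, unique per sensor
            signature INTEGER NOT NULL REFERENCES signature(sig_id),
            timestamp TEXT    NOT NULL,
            PRIMARY KEY (sid, cid)
        );
        CREATE TABLE iphdr (
            sid    INTEGER NOT NULL,
            cid    INTEGER NOT NULL,
            ip_src TEXT    NOT NULL,      -- text here for readability, Snort stores an integer
            ip_dst TEXT    NOT NULL,
            PRIMARY KEY (sid, cid)
        );
    """)
    for sid, cid, sig_name, ip_src, ip_dst, ts in SAMPLE_ALERTS:
        conn.execute("INSERT OR IGNORE INTO signature (sig_name) VALUES (?)", (sig_name,))
        sig_id = conn.execute("SELECT sig_id FROM signature WHERE sig_name = ?",
                              (sig_name,)).fetchone()[0]
        conn.execute("INSERT INTO event VALUES (?, ?, ?, ?)", (sid, cid, sig_id, ts))
        conn.execute("INSERT INTO iphdr VALUES (?, ?, ?, ?)", (sid, cid, ip_src, ip_dst))
    conn.commit()
    return conn


def top_alerts(conn, limit=15):
    """Alerts generated most frequently across all sensors: [(signature, count), ...]."""
    return conn.execute("""
        SELECT s.sig_name, COUNT(*) AS hits
        FROM event e JOIN signature s ON s.sig_id = e.signature
        GROUP BY s.sig_name
        ORDER BY hits DESC, s.sig_name
        LIMIT ?
    """, (limit,)).fetchall()


def top_attackers(conn, year_month, limit=15):
    """Source addresses that triggered the most alerts in one month ('YYYY-MM')."""
    return conn.execute("""
        SELECT i.ip_src, COUNT(*) AS hits
        FROM event e JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
        WHERE strftime('%Y-%m', e.timestamp) = ?
        GROUP BY i.ip_src
        ORDER BY hits DESC, i.ip_src
        LIMIT ?
    """, (year_month, limit)).fetchall()


if __name__ == "__main__":
    db = build_database()
    print("Most frequent alerts:")
    for name, hits in top_alerts(db):
        print(f"{hits:5d}  {name}")
    print("Most active sources, November 2002:")
    for ip, hits in top_attackers(db, "2002-11"):
        print(f"{hits:5d}  {ip}")
```

The join on (sid, cid) is the point worth noticing: Snort numbers events per sensor, so a multi-sensor database has to join on both columns or the counts from one sensor silently pick up rows from another.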
You can use multiple types of databases with Snort, including Oracle and MySQL. Using a database is discussed in detail in the next chapter. For the sake of completeness of the discussion of output modules, consider the following line.
output database: log, mysql, user=rr password=rr \
 dbname=snort host=localhost
This line configures MySQL as the database, running on the same machine as Snort. All messages are logged to the database named snort, which you need to create manually before you can start using it. Snort accesses this database with the user name rr and the password rr. Note that rr is not a UNIX user; it is a database user. You have to create this user name and password yourself as well. Refer to Chapter 5 for details on configuring the MySQL database for use with Snort.
The general format for using the database is as follows:
output database: , , \
  
The database type is mysql, postgresql, oracle and so on. The list of parameters that can be used is shown in Table 4-2. Parameters are separated by a space character in the configuration file (snort.conf). Most of these parameters are optional.
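A small parser for the directive format described above, written for this edition and not taken from the chapter or from Snort's own configuration code: it joins the backslash continuation, splits the comma-separated head from the space-separated key=value parameter list, and rejects malformed parameters. The facility values log and alert are an assumption (this page shows only log); the sample snort.conf snippet is the chapter's own line. Because the database password sits in clear text in snort.conf, the summary helper masks it before anything prints it.

```python
VALID_FACILITIES = {"log", "alert"}   # assumed: the two streams an output module can consume
SECRET_KEYS = {"password"}            # parameter names never echoed in clear

# The chapter's example directive, as it appears in snort.conf (with continuation).
SNORT_CONF_SNIPPET = (
    "output database: log, mysql, user=rr password=rr \\\n"
    "   dbname=snort host=localhost\n"
)


def join_continuations(text):
    """Join physical lines ending in a backslash into one logical directive,
    gluing the pieces with a single space. Blank lines are dropped."""
    logical, parts = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            parts.append(line[:-1].strip())
            continue
        parts.append(line)
        joined = " ".join(p for p in parts if p)
        if joined:
            logical.append(joined)
        parts = []
    trailing = " ".join(p for p in parts if p)   # continuation on the last line of the file
    if trailing:
        logical.append(trailing)
    return logical


def parse_output_database(line):
    """Split one 'output database:' directive into (facility, database type, params).

    The head is comma separated; the parameter list is key=value pairs separated
    by spaces, so a value containing a space cannot be expressed and is rejected."""
    head, sep, body = line.partition(":")
    if not sep or head.split() != ["output", "database"]:
        raise ValueError(f"not an output database directive: {line!r}")
    fields = [f.strip() for f in body.split(",", 2)]
    if len(fields) != 3:
        raise ValueError("expected three comma separated fields: "
                         "facility, database type, parameter list")
    facility, dbtype, param_text = fields
    if facility not in VALID_FACILITIES:
        raise ValueError(f"facility must be one of {sorted(VALID_FACILITIES)}, got {facility!r}")
    if not dbtype:
        raise ValueError("database type is empty")
    params = {}
    for token in param_text.split():
        key, eq, value = token.partition("=")
        if not eq or not key:
            raise ValueError(f"parameter {token!r} is not of the form key=value")
        if key in params:
            raise ValueError(f"parameter {key!r} given twice")
        params[key] = value
    return facility, dbtype, params


def describe(facility, dbtype, params):
    """One-line summary that is safe to print or log: secret parameters are masked."""
    shown = " ".join(f"{k}={'***' if k in SECRET_KEYS else v}" for k, v in params.items())
    return f"{facility} -> {dbtype} ({shown})"


if __name__ == "__main__":
    for directive in join_continuations(SNORT_CONF_SNIPPET):
        print(describe(*parse_output_database(directive)))
```

Running it prints `log -> mysql (user=rr password=*** dbname=snort host=localhost)`; feeding it a directive with a misspelled facility or a parameter without an equals sign raises a ValueError instead of silently passing the directive through.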