CHAPTER 5
Using Snort with MySQL

All systems need some type of efficient logging feature, usually using a database at the backend. Snort can be made to work with MySQL, Oracle or any other Open Database Connectivity (ODBC) compliant database.[1] You already know from the discussion of output modules in the previous chapter that you can save logs and alerts to a database. Logging to a database is very useful for maintaining historical data, generating reports and analyzing information. By using other tools like Analysis Control for Intrusion Detection (ACID), discussed in the next chapter, you can get very useful information from the database about attack patterns. For example, you can get a report about the last fifteen unique attacks, information about hosts that are continuously attacking your network, the distribution of attacks by different protocols, and so on.

Since MySQL is a freely available database and works perfectly well on Linux and other operating systems, it is a natural choice for Snort. Some different scenarios for using a database with Snort are:

• You can install and run the MySQL database server on the same machine where Snort is running, as shown in Figure 5-1.

1. ODBC provides a standard way for clients to connect to a database. Refer to the ODBC FAQ at http://www.ensyncsolutions.com/odbc_faq.htm or http://www.odbc.org for more information.