Chapter 5 Using Snort with MySQL
After going through this chapter, you should be able to install Snort and MySQL
so that all of the Snort activity is logged to the database. You should also be able to set
up a centralized database server and enable multiple Snort machines to log to this
server. The last part of this chapter provides information about using the Stunnel package
for secure data exchange between a Snort machine and a remote database server.
5.1 Making Snort Work with MySQL
There are a few basic steps to make Snort work with MySQL. A high-level, step-by-step
approach to building a Snort MySQL system follows. Details of each step will be
presented later in the chapter.
1. Compile Snort with MySQL support and install it. Make sure that Snort is
working properly by creating some alert messages. You have to use the
--with-mysql command line argument with the configure script as mentioned in
Chapter 2.
2. Install MySQL and use the mysql client to make sure the database is available.
See Appendix C for basic information about how to get started with MySQL.
3. Create a database on the MySQL server for Snort. I have named this database
"snort". You may choose any name for the database. This is explained later in
this chapter.
4. Create a user name and password in the database. The user name will be used
by Snort to log data.
5. Create tables in this database using the scripts that came with the Snort
distribution in the contrib directory.
6. Modify the snort.conf file to enable the database plug-in as explained later.
You will use the database name, user name and password for the database that
you just created.
7. Restart Snort. If everything goes well, Snort will start logging to the database.
8. Generate some alerts and use the mysql client program to make sure that
alerts are being logged into the database.
The rest of the chapter will provide explanations about how to perform all of these
steps. The next chapter discusses the use of ACID, which will make real use of the work
that you do in this chapter.
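
A check for steps 4 and 6, as an added example that is not from the book or the Snort distribution: it parses the database plug-in lines in snort.conf and reports settings worth reviewing before Snort is restarted. The sample configuration, the function names and the rule that any non-local host counts as untunneled are assumptions made for this example.

```python
import re

# Constructed sample of the relevant snort.conf lines (not taken from the book).
SAMPLE_CONF = """\
# output database: log, mysql, user=old dbname=old host=localhost
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=localhost
output database: alert, mysql, user=root dbname=snort host=192.0.2.10
"""

# Assumption: a tunneled setup points Snort at a local endpoint.
LOCAL_HOSTS = {"localhost", "127.0.0.1"}
DIRECTIVE = re.compile(r"output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$")


def parse_database_outputs(conf_text):
    """Return one dict per active 'output database:' directive."""
    entries = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(raw.strip())  # commented-out lines do not match
        if not m:
            continue
        # Remaining text is a space-separated list of key=value parameters.
        params = dict(p.split("=", 1) for p in m.group(3).split() if "=" in p)
        entries.append({"line": lineno, "facility": m.group(1),
                        "dbtype": m.group(2), "params": params})
    return entries


def audit(entry):
    """Return a list of findings for one parsed directive."""
    p, findings = entry["params"], []
    if entry["dbtype"] != "mysql":
        findings.append("dbtype is not mysql")
    for key in ("user", "dbname"):
        if not p.get(key):
            findings.append(f"missing {key}")
    if not p.get("password"):
        findings.append("no password set for the database user")
    if p.get("user") == "root":
        findings.append("logs as root instead of a dedicated Snort user")
    if p.get("host", "localhost") not in LOCAL_HOSTS:
        findings.append("remote host without a local tunnel endpoint")
    return findings


if __name__ == "__main__":
    for e in parse_database_outputs(SAMPLE_CONF):
        print(e["line"], e["facility"], audit(e) or "ok")
```

Because the password sits in snort.conf in clear text, the file's permissions deserve the same review as the settings themselves.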





