Snort mailing list archives

RE: Silcondefense.com Snort_1.8.b77_MSSQL_Binary

From: "Stephen Shepherd" <StephenShepherd () tac-denver com>
Date: Thu, 6 Sep 2001 17:13:58 -0600

Chris you are the man.  I guess I should have done a little more diggin
before I posted the question on TSQL script.  I found the file and I
have the DB and Table structure created.  I went ahead and created a DB
user "snort" and made him DBO on the Snort DB.  I set him up as a
standard SQL server logon (Not Windows Auth).  If I recall right DBLIB
does not support integrated NT auth.  Is that correct?  I will work on
getting snort logging over to the DB next. 
 
BTW I think it is great that you have taken the time to work this out.
If there is anything I can help with testing just let me know.  I am
using a sensor running on a multihomed Win2K workstation, and my SQL
Server is MS SQL 2000.  
 
Thanks again..

-----Original Message-----
From: Chris Reid [mailto:Chris.Reid () CodeCraftConsultants com]
Sent: Thursday, September 06, 2001 13:11
To: drew600_1999 () yahoo com; Snort Users List (E-mail)
Subject: Re: [Snort-users] Silcondefense.com Snort_1.8.b77_MSSQL_Binary


 
Stephen,
 
I was the one who wrote the support for SQL Server in Snort.  For
clarification, no it does not use ODBC.  Rather, it uses SQL Server's
"DBLIB".  To get the TSQL script for creating tables/indexes, you will
need to download the Snort source code.  In there, you can find the TSQL
script in the "contrib" directory (it's a file called "create_mssql").
To enable logging to the SQL Server database, there should be an example
in the "snort.conf" file.
 
To install Snort (with SQL Server support) on a Win32 machine, it is
reasonably comparable to installing Snort with support for MySQL, while
remembering to make any reasonable replacements of "MySQL" with "SQL
Server".  The instructions can be found here:
 
    http://www.snort.org/docs/acid-win32.html
<http://www.snort.org/docs/acid-win32.html> 
 
Chris Reid
 
 

----- Original Message ----- 
From: Stephen  <mailto:drew600_1999 () yahoo com> Shepherd 
To: Snort Users List  <mailto:snort-users () lists sourceforge net>
(E-mail) 
Sent: Thursday, September 06, 2001 10:44
Subject: [Snort-users] Silcondefense.com Snort_1.8.b77_MSSQL_Binary

I discovered this file out on the SD website.  It looks as if they have
compiled Snort with support for Microsoft SQL Server.  I imagine this is
via ODBC but I am looking for some more info.  I will try to contact
them as well, but I thought I would post here and see if anyone would
chime in.  I plan on playing with this today but I thought I would ask
if anyone has TSQL scripts for table creation.  If not I will see what I
can do with the MySql setup script.  If I am successful I will post the
TSQL up for anyone that is interested.
 
Thanks...


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Silcondefense.com Snort_1.8.b77_MSSQL_Binary Stephen Shepherd (Sep 06)
- Re: Silcondefense.com Snort_1.8.b77_MSSQL_Binary Chris Reid (Sep 06)
- <Possible follow-ups>
- RE: Silcondefense.com Snort_1.8.b77_MSSQL_Binary Stephen Shepherd (Sep 06)
- RE: Silcondefense.com Snort_1.8.b77_MSSQL_Binary Burleson, Lee (IA) (Sep 14)
- Silcondefense.com Snort_1.8.b77_MSSQL_Binary Stephen Shepherd (Sep 17)
  - RE: Silcondefense.com Snort_1.8.b77_MSSQL_Binary John Berkers (Sep 18)
- Re: Silcondefense.com Snort_1.8.b77_MSSQL_Binary Wayne T Work (Sep 17)
- RE: Silcondefense.com Snort_1.8.b77_MSSQL_Binary Stephen Shepherd (Sep 18)