Snort mailing list archives
RE: remote snort sensor
From: "Raynaud, Francois" <francois.raynaud () uk mci com>
Date: Wed, 4 May 2005 21:17:58 +0100
Thanks a lot.

If only I didn't follow the manual....

It appears that when compiling Snort without mysql support first, you need to issue the 'make clean' command before trying to re-compile any other version of Snort, i.e.: --with-mysql, --with-flexresp,...

Yes (to all Unix sysadmins), this is normal in a Unix system, just don't forget to think about it ;)

Hope that helps...

francois

-----Original Message-----
From: Xavier Cabrera [mailto:xavierc () devilcrack org]
Sent: 04 May 2005 21:11
To: Raynaud, Francois
Cc: 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] remote snort sensor

Compile your snort with MySQL support just like before. Even if your remote machine does not run the database....

Later you can send these alerts to the correct database by configuring it in the snort.conf or with barnyard...

in the snort.conf

    output database: log, mysql, user=snort password=test dbname=snort host=172.15.2.1 sensor_name=snort1_remote

(where 172.15.2.1 is the mysql server)

or with barnyard + ACID

    # acid_db
    #-------------------------------
    # Available as both a log and alert output plugin. Used to output data into
    # the db schema used by ACID
    # Arguments:
    #   $db_flavor            - what flavor of database (ie, mysql)
    #   sensor_id $sensor_id  - integer sensor id to insert data as
    #   database $database    - name of the database
    #   server $server        - server the database is located on
    #   user $user            - username to connect to the database as
    #   password $password    - password for database authentication
    output alert_acid_db: mysql, sensor_id snort1remote.mycompany.net, database snort, server ids.mycompany.net, user snort, password yourpassword
    output log_acid_db: mysql, database snort, server ids.mycompany.net, user snort, password yourpassword, detail full

where 'server ids.mycompany.net' is the name resolution for your mysql server

I hope this can help you

Regards
Xavier C.

Raynaud, Francois wrote:
> Hi All,
>
> My existing architecture is as follows:
> - Mysql database
> - Apache with PHP to run BASE
> - one snort sensor
>
> This is all working perfectly no problem.
>
> Following this installation I started building a remote snort sensor with mysql support. I have installed the shared compatible libraries for Mysql and built snort with the --with-mysql switch.
>
> The problem occurs when I try to start snort with the following command:
>
>     snort -c /etc/snort/snort-2.3.3/etc/snort.conf -l /var/log/snort
>
> The system comes back with this error:
>
>     database : 'mysql' support is not compiled into this build of snort.
>
> Anybody could give me some pointers on where to look ?
>
> Cheers,
>
> *Francois Raynaud*
> Senior Network Security specialist
> International Security Group
> Sametime: francois.raynaud
> Vnet: 419 6041
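
Added example (not part of the thread, and not code from the Snort project): a shell check for the failure described above, where a snort binary built from stale objects lacks the MySQL output plugin, together with the clean rebuild. It assumes a dynamically linked binary and that the build leaves it at src/snort in the source tree; the function names, paths and sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a dynamically linked snort
# binary; all paths passed to these functions are hypothetical.

# Reads `ldd` output on stdin; succeeds if the MySQL client library is listed.
links_mysql() {
    grep -q 'libmysqlclient'
}

# Succeeds if the binary at $1 is linked against libmysqlclient.
snort_has_mysql() {
    ldd "$1" 2>/dev/null | links_mysql
}

# Clean rebuild in source tree $1: 'make clean' drops the objects left over
# from the earlier build without MySQL, so the database output plugin is
# recompiled with the new configure options.
rebuild_with_mysql() {
    ( cd "$1" && make clean && ./configure --with-mysql && make )
}

# Rebuild only when the binary lacks MySQL support, then verify the result.
# $1 = snort binary, $2 = source tree (assumed to build src/snort)
ensure_mysql_build() {
    if snort_has_mysql "$1"; then
        echo "ok: $1 links libmysqlclient"
    else
        echo "rebuilding: $1 has no MySQL support"
        rebuild_with_mysql "$2" && snort_has_mysql "$2/src/snort"
    fi
}

# Constructed ldd output for illustration (not captured from a real host).
SAMPLE_WITHOUT='	libpcre.so.0 => /usr/lib/libpcre.so.0 (0x00a1c000)
	libc.so.6 => /lib/libc.so.6 (0x00b2f000)'
SAMPLE_WITH='	libmysqlclient.so.14 => /usr/lib/mysql/libmysqlclient.so.14 (0x00c3d000)
	libc.so.6 => /lib/libc.so.6 (0x00b2f000)'

for sample in "$SAMPLE_WITHOUT" "$SAMPLE_WITH"; do
    if printf '%s\n' "$sample" | links_mysql; then
        echo "mysql support linked in"
    else
        echo "mysql support missing: run 'make clean' and rebuild"
    fi
done
```

The rebuilt binary still has to be installed over the old one before the sensor is restarted.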