CHAPTER 2
Installing Snort and Getting Started
A Snort installation may consist of only a working Snort daemon or
of a complete Snort system with many other tools. If you install
only Snort, you can capture intrusion data in text or binary files and then
view these files later on with the help of a text editor or some other tool
like Barnyard, which will be explained later in this book. With this simple
installation you can also send alert data to an SNMP manager, like HP
OpenView or OpenNMS, in the form of SNMP traps. Alert data can also
be sent to a Microsoft Windows machine in the form of SMB pop-up
windows. However, if you install other tools, you can perform more
sophisticated operations on the intrusion data, such as logging Snort data to a
database and analyzing it through a web interface. Using the web
interface, you can view all alerts generated by Snort. The analysis tools allow
you to make sense of the captured data instead of spending lots of time
with Snort log files.
Other tools that can be used with Snort are listed below. Each of them has
a specific task. A comprehensive working Snort system utilizes these
tools to provide a web-based user interface with a backend database.
MySQL is used with Snort to log alert data. Other databases like
Oracle can also be used but MySQL is the most popular database with
Snort. In fact, any ODBC-compliant database can be used with Snort.