CHAPTER 5
Using Snort with MySQL
All systems need some type of efficient logging feature, usually using a database at the backend. Snort can be made to work with MySQL, Oracle or any other Open Database Connectivity (ODBC) compliant database.[1]
You already know from the discussion of output modules in the previous chapter that you can save logs and alerts to a database. Logging to a database is very useful for maintaining history data, generating reports and analyzing information. By using other tools like Analysis Control for Intrusion Detection (ACID), discussed in the next chapter, you can get very useful information from the database about attack patterns. For example, you can get a report about the last fifteen unique attacks, information about hosts that are continuously attacking your network, the distribution of attacks by different protocols, and so on.
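The reports named above (the last N unique attacks, hosts that keep attacking, the distribution of attacks by protocol) are all aggregate queries over the tables that Snort's database output module fills. The script below is an added example, not code from the book or from Snort: it loads a few constructed alerts into an in-memory SQLite copy of the relevant tables and runs those three queries. The table and column names (sensor, signature, event, iphdr, sig_name, ip_src, ip_proto and so on) are modeled on Snort's database schema, which this page does not reproduce, so treat them as assumptions; the SQL itself is plain GROUP BY / ORDER BY / LIMIT and works the same against a MySQL Snort database.

```python
import socket
import sqlite3
import struct

# Table and column names follow Snort's database output schema (assumption:
# the page does not show the schema). SQLite stands in for MySQL so the
# example runs offline without a database server.
SCHEMA = """
CREATE TABLE sensor    (sid INTEGER PRIMARY KEY, hostname TEXT);
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT, sig_priority INTEGER);
CREATE TABLE event     (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT,
                        PRIMARY KEY (sid, cid));
CREATE TABLE iphdr     (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER,
                        ip_proto INTEGER, PRIMARY KEY (sid, cid));
"""

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def ip_to_int(addr):
    """Snort stores IPv4 addresses as 32-bit unsigned integers, not dotted text."""
    return struct.unpack("!I", socket.inet_aton(addr))[0]


def int_to_ip(n):
    return socket.inet_ntoa(struct.pack("!I", n))


# Constructed sample alerts from a single sensor (sid = 1); not real traffic.
SAMPLE_SIGNATURES = [
    (1, "ICMP PING NMAP", 2),
    (2, "WEB-IIS cmd.exe access", 1),
    (3, "SCAN SYN FIN", 2),
]
SAMPLE_EVENTS = [
    # cid, sig_id, timestamp,           src,        dst,            ip_proto
    (1, 1, "2003-01-10 10:00:01", "10.1.1.5", "192.168.1.10", 1),
    (2, 2, "2003-01-10 10:00:05", "10.1.1.5", "192.168.1.10", 6),
    (3, 3, "2003-01-10 10:00:09", "10.1.1.7", "192.168.1.20", 6),
    (4, 1, "2003-01-10 10:00:12", "10.1.1.5", "192.168.1.20", 1),
    (5, 2, "2003-01-10 10:00:20", "10.1.1.9", "192.168.1.10", 6),
    (6, 3, "2003-01-10 10:00:25", "10.1.1.5", "192.168.1.10", 6),
]


def build_db():
    """Create the schema in memory and insert the constructed alerts."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO sensor VALUES (1, 'sensor1')")
    conn.executemany("INSERT INTO signature VALUES (?, ?, ?)", SAMPLE_SIGNATURES)
    for cid, sig, ts, src, dst, proto in SAMPLE_EVENTS:
        # One event row plus one iphdr row per alert, joined on (sid, cid).
        conn.execute("INSERT INTO event VALUES (1, ?, ?, ?)", (cid, sig, ts))
        conn.execute("INSERT INTO iphdr VALUES (1, ?, ?, ?, ?)",
                     (cid, ip_to_int(src), ip_to_int(dst), proto))
    conn.commit()
    return conn


def last_unique_attacks(conn, limit=15):
    """'Last N unique attacks': one row per signature, newest occurrence first."""
    rows = conn.execute("""
        SELECT s.sig_name, MAX(e.timestamp) AS last_seen, COUNT(*) AS hits
        FROM event e JOIN signature s ON e.signature = s.sig_id
        GROUP BY s.sig_id
        ORDER BY last_seen DESC
        LIMIT ?""", (limit,)).fetchall()
    return [(name, last_seen, hits) for name, last_seen, hits in rows]


def top_source_hosts(conn, limit=5):
    """Hosts that keep attacking: source addresses ranked by alert count."""
    rows = conn.execute("""
        SELECT ip_src, COUNT(*) AS hits
        FROM iphdr
        GROUP BY ip_src
        ORDER BY hits DESC, ip_src
        LIMIT ?""", (limit,)).fetchall()
    return [(int_to_ip(src), hits) for src, hits in rows]


def attacks_by_protocol(conn):
    """Distribution of alerts by IP protocol number, named where known."""
    rows = conn.execute(
        "SELECT ip_proto, COUNT(*) FROM iphdr GROUP BY ip_proto ORDER BY ip_proto"
    ).fetchall()
    return {PROTO_NAMES.get(proto, str(proto)): count for proto, count in rows}


if __name__ == "__main__":
    db = build_db()
    print("Last unique attacks:", last_unique_attacks(db))
    print("Top source hosts:   ", top_source_hosts(db))
    print("By protocol:        ", attacks_by_protocol(db))
```

Because the real schema keys every packet-header table on (sid, cid), the same join pattern extends to the tcphdr/udphdr/icmphdr tables for port-level reports; the only MySQL-specific change needed is the parameter placeholder used by the client library.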
Since MySQL is a freely available database and works perfectly well on Linux and other operating systems, this is a natural choice for Snort. Some different scenarios for using a database with Snort are:

• You can install and run the MySQL database server on the same machine where Snort is running, as shown in Figure 5-1.
[1] ODBC provides a standard way for clients to connect to a database. Refer to the ODBC FAQ at http://www.ensyncsolutions.com/odbc_faq.htm or http://www.odbc.org for more information.