Making Snort Work with MySQL
5.1.1 Step 1: Snort Compilations with MySQL Support
Snort must be compiled with the --with-mysql option if you want to use a MySQL
database with Snort. This is done with the help of the configure script as explained in
Chapter 2. A typical configure script command line follows:
./configure --prefix=/opt/snort --with-mysql=/usr/lib/mysql
When you run the configure script, I would recommend adding support for other
components such as SNMP, which is very useful. MySQL libraries must be present in
the /usr/lib/mysql directory for successful compilation. Refer to Chapter 2 for
details.
5.1.2 Step 2: Install MySQL
I would suggest installing the MySQL database packages that come with RedHat
or other Linux distributions. This is the easiest way to install the database. MySQL
is also available for Microsoft Windows platforms. You can also download the
MySQL database server and client software in source code form from its web site at
http://www.mysql.org and compile and install it yourself. However, this is
recommended only for very experienced users.
5.1.3 Step 3: Creating Snort Database in MySQL
Once you have compiled Snort with MySQL support, the next step is to create a
MySQL database where Snort can log data. Before you start using MySQL, make sure
that the MySQL server is running on the machine that is being used as the database server.
You can use the ps -ef | grep mysql command for this purpose. If this command
shows MySQL processes, it means that the server is running. If you are using a single
machine, you can have the database server running on the machine where Snort is
installed. As mentioned earlier, you can also have a separate database server. For the
purpose of this book, I have used a single machine and all components including Snort
and MySQL server are installed on it.
You can download and install the latest MySQL server from the
http://www.mysql.org web site or get the RPM package that is part of your RedHat
installation disk. For people running Snort on Microsoft Windows machines, it is better to get
the binary installable package. You can use the root database user to create the
snort database and grant needed privileges to the rr user.
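One way to carry out the step just described, as an added example that is not from the book: the root database user creates the snort database and the rr account, grants privileges on that one database only, and then checks that rr holds nothing outside it. The password placeholder, the localhost host restriction, and the privilege list are assumptions, and the syntax is that of current MySQL releases (5.7 and later).

```sql
-- Run from the mysql client while connected as the root database user.

-- Database that Snort will log into (name taken from the text above).
CREATE DATABASE IF NOT EXISTS snort;

-- Account for Snort. Restricting it to localhost matches the single-machine
-- setup described above; the password is a placeholder to replace.
CREATE USER IF NOT EXISTS 'rr'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_A_STRONG_PASSWORD';

-- Assumed privilege list: enough for a logging account to write and read
-- alerts. Adjust to what your Snort version's database output needs, but
-- keep the grant scoped to snort.* rather than *.* .
GRANT INSERT, SELECT ON snort.* TO 'rr'@'localhost';

-- Check 1: the grants as MySQL reports them.
SHOW GRANTS FOR 'rr'@'localhost';

-- Check 2: global privileges held by rr. The only row expected is USAGE,
-- which means "no global privileges".
SELECT grantee, privilege_type
  FROM information_schema.user_privileges
 WHERE grantee = '''rr''@''localhost''';

-- Check 3: privileges on any database other than snort. Expected: no rows.
SELECT table_schema, privilege_type
  FROM information_schema.schema_privileges
 WHERE grantee = '''rr''@''localhost'''
   AND table_schema <> 'snort';
```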
The mysql client program is used to connect to the database server. You can use
any name for the Snort database and any name for the user to access this database. For
the purpose of this book, we are creating a database named snort and a user rr