Chapter 5 Using Snort with MySQL
mysql> select * from services where port<30 and port>20;
+------+----------+---------+-------------------------+
| port | protocol | name    | description             |
+------+----------+---------+-------------------------+
|   21 |        6 | ftp     | File Transfer [Control] |
|   21 |       17 | ftp     | File Transfer [Control] |
|   22 |        6 |         | Unassigned              |
|   22 |       17 |         | Unassigned              |
|   23 |        6 | telnet  | Telnet                  |
|   23 |       17 | telnet  | Telnet                  |
|   24 |        6 |         | Unassigned              |
|   24 |       17 |         | Unassigned              |
|   25 |        6 | smtp    | Simple Mail Transfer    |
|   25 |       17 | smtp    | Simple Mail Transfer    |
|   26 |        6 |         | Unassigned              |
|   26 |       17 |         | Unassigned              |
|   27 |        6 | nsw-fe  | NSW User System FE      |
|   27 |       17 | nsw-fe  | NSW User System FE      |
|   28 |        6 |         | Unassigned              |
|   28 |       17 |         | Unassigned              |
|   29 |        6 | msg-icp | MSG ICP                 |
|   29 |       17 | msg-icp | MSG ICP                 |
+------+----------+---------+-------------------------+
18 rows in set (1.14 sec)
mysql>
5.1.6 Step 6: Modify snort.conf Configuration File
After configuring the database and creating the tables and user, you need to edit the
snort.conf file. The following lines in the file enable logging of log messages to the
MySQL database:
output database: log, mysql, user=rr password=rr78x \
dbname=snort host=localhost
In the above line, the name of the database is snort and the MySQL server is running
on localhost. The user for the database is rr and its password is rr78x. If
the user has no password, the line should look like the following:
output database: log, mysql, user=rr dbname=snort \
host=localhost
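An added example (not from the book): a Python check that reads snort.conf text, joins the backslash-continued lines, and reports for each active output database directive whether a password is set. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the two directive forms shown above, plus a commented-out line.
SAMPLE_CONF = r"""
# output database: log, mysql, user=old dbname=test host=localhost
output database: log, mysql, user=rr password=rr78x \
dbname=snort host=localhost
output database: log, mysql, user=rr dbname=snort \
host=localhost
"""

def join_continuations(text):
    """Merge each line ending in a backslash with the line that follows it."""
    logical, pending = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            pending += line[:-1] + " "
        else:
            logical.append(pending + line)
            pending = ""
    return logical + ([pending] if pending else [])

def parse_output_database(text):
    """Return one dict per active (uncommented) 'output database:' directive."""
    found = []
    for line in join_continuations(text):
        m = re.match(r"output\s+database\s*:\s*(.*)$", line.strip())
        parts = [p.strip() for p in m.group(1).split(",", 2)] if m else []
        if len(parts) != 3:
            continue  # comment, other directive, or malformed line
        log_type, db_type, rest = parts
        params = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
        found.append({"type": log_type, "db": db_type, "params": params})
    return found

def audit(text):
    """Report, per directive, whether the database user has a password."""
    findings = []
    for d in parse_output_database(text):
        p = d["params"]
        who = f"{p.get('user')}@{p.get('host')}/{p.get('dbname')}"
        msg = ("password stored in clear text in snort.conf" if p.get("password")
               else "no password set for database user")
        findings.append((who, msg))
    return findings

if __name__ == "__main__":
    for who, msg in audit(SAMPLE_CONF):
        print(f"{who}: {msg}")
```

Because the password sits in snort.conf as plain text, the file should be readable only by the account that runs Snort.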
The database is located on the MySQL server running on localhost, the
machine where Snort is installed. If you have a separate database server, you can
specify the name of the server on this line in the snort.conf file. For example, if the