172
Chapter 5 Using Snort with MySQL
Back Orifice detection brute force: DISABLED
Using LOCAL time
database: compiled support for ( mysql )
database: configured to use mysql
database: user = rr
database: database name = snort
database: host = localhost
database: sensor name = 10.100.1.111
database: sensor id = 1
database: schema version = 105
database: using the "log" facility
886 Snort rules read...
886 Option Chains linked into 99 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++
Rule application order: ->activation->dynamic->alert->pass->log
== Initialization Complete ==
-*> Snort! <*-
Version 1.8.6 (Build 105)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)
The name of the database, the name of the database user and the host where the database is
installed are all listed in the output. The schema version is read from the schema table in
the MySQL database.
5.1.8 Step 8: Logging to Database
After configuring the database properly, you should check whether log and alert messages
are actually being saved in the database tables. We use the following two rules for Snort to
test the database.
alert ip any any -> any any (ipopts: lsrr; msg: "LSRR Options set"; logto: "test";)
alert icmp any any -> 192.168.1.0/24 any (fragbits: D; msg: "Dont Fragment bit set";)
To test these rules, we use the following two commands on a Microsoft Windows
machine. I have used Windows XP Home Edition for the sake of the experiment.
ping -n 1 -f 192.168.1.2
ping -n 1 -j 192.168.1.2 192.168.1.2
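As an added check for this step (example queries written here, not the book's own), the following MySQL statements read back what Snort wrote after the two pings. They assume the standard Snort database schema created by the create_mysql script, with the table and column names shown (schema, sensor, signature, event, iphdr); if your schema differs, adjust the names accordingly.

```sql
-- Added verification queries (not from the book). Assumes the standard Snort
-- MySQL schema (tables schema, sensor, signature, event, iphdr) with the
-- column names used below, and the database name "snort" from the startup
-- output above.
USE snort;

-- 1. Schema version that Snort reported at startup ("schema version = 105").
--    "schema" is a reserved word in MySQL, hence the backticks.
SELECT vseq AS schema_version, ctime AS created FROM `schema`;

-- 2. Sensor row that Snort registered for itself ("sensor id = 1");
--    last_cid is the last event id written by that sensor.
SELECT sid, hostname, interface, last_cid FROM sensor;

-- 3. The two test alerts, one row per logged event, newest first.
--    Addresses are stored as unsigned integers, so INET_NTOA() renders them.
SELECT e.sid, e.cid, e.timestamp,
       s.sig_name,
       INET_NTOA(i.ip_src) AS src,
       INET_NTOA(i.ip_dst) AS dst,
       i.ip_proto
FROM event e
JOIN signature s ON s.sig_id = e.signature
JOIN iphdr     i ON i.sid = e.sid AND i.cid = e.cid
WHERE s.sig_name IN ('LSRR Options set', 'Dont Fragment bit set')
ORDER BY e.timestamp DESC;

-- 4. Hit count per test signature; each should be at least 1 after the pings.
--    A signature with no row here means that rule never fired or never
--    reached the database output plugin.
SELECT s.sig_name, COUNT(*) AS hits
FROM event e
JOIN signature s ON s.sig_id = e.signature
WHERE s.sig_name IN ('LSRR Options set', 'Dont Fragment bit set')
GROUP BY s.sig_name;
```

Run these from the mysql client as the database user shown in the startup output. If query 1 returns the expected version but query 3 returns nothing, the database plugin is working and the problem lies with the rules or the test traffic; if query 1 itself fails, the schema was not created in the database Snort connects to.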