184

Chapter 6     Using ACID and SnortSnarf with Snort

The following lines in 

acid_conf.php

 file set up archive database information

where ACID archives data. This part is not necessary for Snort or ACID operation. It is

required only if you want to archive data using ACID.

$alert_dbname   = "snort_archive";

$alert_host     = "localhost";

$alert_port     = "";

$alert_user     = "rr";

$alert_password = "rr78x";

The following line in 

acid_conf.php

 file sets up the location of PHPLOT

files.

$ChartLib_path = "./phplot 4.4.6";

After going through this practice, make sure that Snort, MySQL server, and

Apache server are running. Now you are ready to start using the web interface of ACID.

6.3 Using ACID

If you have installed everything as mentioned above, you should be able to access

ACID by going to URL http://acid/. My web server is running on IP

address 192.168.1.2, so I can go the URL http://192.168.1.2/acid/.

The first time you go to this URL, ACID needs to do some setup tasks and you

will see a web window like the one shown in Figure 6 1.

At this screen, click the Setup page link and you will move to the DB Setup page

shown in Figure 6 2.

In Figure 6 2, click the  Create ACID AG  link so that ACID can create its own

table to support Snort. ACID creates its own tables in the main Snort database and uses

these tables for its own housekeeping data. More discussion about ACID tables is pre 

sented later in this chapter. Figure 6 3 shows the result of creating these new tables.

As shown in Figure 6 3, you can click the  Main Page  link towards the bottom of

the page to go to the main ACID page. Web pages shown in Figures 6 1, 6 2 and 6 3

will not be displayed the next time you start using ACID.