[Snort-users] Silcondefense.com Snort_1.8.b77_MSSQL_Binary

Stephen Shepherd StephenShepherd at ...3353...
Thu Sep 6 16:14:02 EDT 2001


Chris, you are the man.  I guess I should have done a little more digging
before I posted the question on TSQL script.  I found the file and I
have the DB and Table structure created.  I went ahead and created a DB
user "snort" and made him DBO on the Snort DB.  I set him up as a
standard SQL server logon (Not Windows Auth).  If I recall right DBLIB
does not support integrated NT auth.  Is that correct?  I will work on
getting snort logging over to the DB next. 
 
BTW I think it is great that you have taken the time to work this out.
If there is anything I can help with testing just let me know.  I am
using a sensor running on a multihomed Win2K workstation, and my SQL
Server is MS SQL 2000.  
 
Thanks again..

-----Original Message-----
From: Chris Reid [mailto:Chris.Reid at ...2817...]
Sent: Thursday, September 06, 2001 13:11
To: drew600_1999 at ...131...; Snort Users List (E-mail)
Subject: Re: [Snort-users] Silcondefense.com Snort_1.8.b77_MSSQL_Binary


 
Stephen,
 
I was the one who wrote the support for SQL Server in Snort.  For
clarification, no it does not use ODBC.  Rather, it uses SQL Server's
"DBLIB".  To get the TSQL script for creating tables/indexes, you will
need to download the Snort source code.  In there, you can find the TSQL
script in the "contrib" directory (it's a file called "create_mssql").
To enable logging to the SQL Server database, there should be an example
in the "snort.conf" file.
 
To install Snort (with SQL Server support) on a Win32 machine, it is
reasonably comparable to installing Snort with support for MySQL, while
remembering to make any reasonable replacements of "MySQL" with "SQL
Server".  The instructions can be found here:
 
    http://www.snort.org/docs/acid-win32.html
 
Chris Reid
 
 

----- Original Message ----- 
From: Stephen Shepherd <mailto:drew600_1999 at ...131...>
To: Snort Users List (E-mail) <mailto:snort-users at lists.sourceforge.net>
Sent: Thursday, September 06, 2001 10:44
Subject: [Snort-users] Silcondefense.com Snort_1.8.b77_MSSQL_Binary

I discovered this file out on the SD website.  It looks as if they have
compiled Snort with support for Microsoft SQL Server.  I imagine this is
via ODBC but I am looking for some more info.  I will try to contact
them as well, but I thought I would post here and see if anyone would
chime in.  I plan on playing with this today but I thought I would ask
if anyone has TSQL scripts for table creation.  If not I will see what I
can do with the MySQL setup script.  If I am successful I will post the
TSQL up for anyone that is interested.
 
Thanks...




