[Snort-users] RE: Mysql 101 (ACID config)

Maarten Hartsuijker maarten at ...6238...
Sun Oct 20 12:03:04 EDT 2002


Hi Edward,

A new version of snort is almost always accompanied by a new mysql database
schema. In your case, you need to start using schema 1.06 instead of 1.05.
If your old snort data is not that important to you, you could drop your
current database and start from scratch. If you would like to keep a bit of
history, you could also create a new database (e.g. snort19) and a new acid
document root (e.g. acid19) and keep the old ones intact for accessing old
data.

Anyway, here are some steps you can use for installing a new snort database:
1. Have mysql up and running
2. Log in as root and create a snort19 database (create database snort19;)
3. cd snort-1.9.0
4. Create tables: mysql -u root -h localhost -D snort19 -p < ./contrib/create_mysql
5. Create additional tables: zcat ./contrib/snortdb-extra.gz | mysql -u root -D snort19 -h localhost -p
6. Give your snort user sufficient rights (if you are lazy: grant INSERT, SELECT, DELETE, UPDATE on snort.* to snort19 at ...274...;)
7. Give the user a password: UPDATE user SET Password=PASSWORD('Mysqlsnortpw') WHERE user='snort19'; FLUSH PRIVILEGES;

Now you can install acid, add the user and database to the configuration,
edit DBlib_path, Chartlib_path and portscan file. Then create the acid alert
groups. Next add the user to snort.conf. Start snort, start your webserver
and you are back in business.

maarten
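
Added example (not part of the message above and not code from the Snort or ACID distributions): the account setup from steps 2, 6 and 7, with the grant scoped to the snort19 database and split between a sensor account and a console account, followed by privilege checks. It assumes MySQL 5.7+/MariaDB 10.1+ syntax and localhost connections; the account names, the placeholder passwords, the sensor's reduced privilege set and the vseq column of the schema table are assumptions.

```sql
-- Added example. Account names and passwords are hypothetical placeholders.
CREATE DATABASE IF NOT EXISTS snort19;

-- Sensor account (goes into snort.conf). Assumption: the sensor only appends
-- events and reads lookup tables. If your Snort build logs a denied UPDATE,
-- add UPDATE here, but keep DELETE off the sensor.
CREATE USER IF NOT EXISTS 'snort19_sensor'@'localhost'
  IDENTIFIED BY 'CHANGE_ME_sensor';
GRANT INSERT, SELECT ON snort19.* TO 'snort19_sensor'@'localhost';

-- Console account (goes into the ACID configuration). It gets the four
-- privileges listed in step 6, because the console deletes and archives alerts.
-- If ACID's setup step has to create its own tables, grant CREATE for that
-- step only and revoke it afterwards.
CREATE USER IF NOT EXISTS 'snort19_acid'@'localhost'
  IDENTIFIED BY 'CHANGE_ME_acid';
GRANT INSERT, SELECT, UPDATE, DELETE ON snort19.* TO 'snort19_acid'@'localhost';

-- Check 1: list what each account actually holds.
SHOW GRANTS FOR 'snort19_sensor'@'localhost';
SHOW GRANTS FOR 'snort19_acid'@'localhost';

-- Check 2: any row returned here is a server-wide privilege that neither
-- account should have.
SELECT grantee, privilege_type
FROM information_schema.user_privileges
WHERE grantee IN ('''snort19_sensor''@''localhost''',
                  '''snort19_acid''@''localhost''')
  AND privilege_type <> 'USAGE';

-- Check 3: any row returned here is a privilege on a database other than
-- snort19, for example a grant left over on the old snort database.
SELECT grantee, table_schema, privilege_type
FROM information_schema.schema_privileges
WHERE grantee IN ('''snort19_sensor''@''localhost''',
                  '''snort19_acid''@''localhost''')
  AND table_schema <> 'snort19';

-- Check 4 (run after steps 4 and 5): read the schema version the tables were
-- created with. Assumption: create_mysql records it in the vseq column of the
-- `schema` table; the name is backquoted because SCHEMA is a reserved word.
SELECT vseq, ctime FROM snort19.`schema`;
```

Run it as root in the mysql client; the sensor account then goes into snort.conf and the console account into the ACID configuration.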







