[Snort-users] Snort-inline

Slighter, Tim tslighter at ...5174...
Mon Apr 28 09:59:16 EDT 2003


For those out there wishing to use snort-inline with mysql...have figured
out how to get it working


Must have's:

snort-2.0.0
snort-inline (any version 1.91 or higher)
mysql
apache + php
acid + phplot + adodb + jpgraph


Here is what I did to make things work.

First configure regular snort as "./configure --with-mysql" and then "make"
and "make install"

next configure snort-inline as "./configure --enable-inline --with-mysql"
and "make" and "make install".

The rest of the apache + php + acid + phplot + adodb + jpgraph etc....all
those things everyone knows that stuff.  Use the doc on snort.org to
configure iptables and ip_queue etc....

the key here is that regular snort MUST be configured --with-mysql.
Afterall, snort-inline is using the snort.conf file.  so configure the
snort.conf file just like you were setting it up for snort + acid + mysql.
With that done, I am getting all attempted scans and exploits dropped and
they are showing up in the mysql database and on the ACID console.

That's all folks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030428/a311e729/attachment.html>


More information about the Snort-users mailing list