[Snort-users] Snort to Oracle
Kreimendahl, Chad J
Chad.Kreimendahl at ...4716...
Fri Jan 3 16:34:03 EST 2003
Download Oracle from the OTN site:
If you're only using it for snort, try 9i Lite. If you're going to use
some customized interface in a language like Perl or C, you may want to
just go ahead and get the whole DB... (9i Lite may have the libs you
need, but I have yet to see anyone test it).
Recompile the latest version of snort (1.9 or current) from cvs. Using
Where $ORACLE_HOME is the variable you set as your ORACLE_HOME when you
Also, you MUST make sure ORACLE_HOME is defined for all users that are
going to use ORACLE... I recommend just doing it in /etc/profile.
In the contrib folder, make sure you create the database in oracle...
And make sure you set up a user to access that db. This part is
definitely much more difficult than MySQL... Oracle is much more picky.
Then, in the config file...
output database: alert, oracle, user=<oracle_user> dbname=<db_sid> password=<password> sensor_name=<name for your sensor>
From: Steven Rudolph [mailto:srudolph at ...4612...]
Sent: Friday, January 03, 2003 10:06 AM
To: Snort-Users (E-mail)
Subject: [Snort-users] Snort to Oracle
Does anyone have any tips/tricks on getting snort to send logs to
I am getting well over 15K detected attempts a day and my database grows
too quickly for MySQL to handle (my current setup).
I have been using the Acid front end to help analyze.
Steve Rudolph, CCSE
Network Security Engineer
Internet Operations Center