[Snort-users] Re:Newbie install on OpenBSD 3.2

S. sleepy at ...7582...
Mon Jan 27 21:07:10 EST 2003


----- Original Message -----
From: "Jobs" <applications at ...7582...>
To: <siobahn at ...8109...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Monday, January 27, 2003 7:58 PM
Subject: Re:Newbie install on OpenBSD 3.2


>   From: "Siobahn Hotaling" <siobahn at ...8109...>
> > To: <snort-users at lists.sourceforge.net>
> > Date: Mon, 27 Jan 2003 19:49:21 -0800
> > Subject: [Snort-users] Newbie Install on OpenBSD Question
> >
> > I've been scouring the Snort FAQ and README's all day, but I still have a
> > few unsolved questions and I was hoping that someone could help.
> > (installing from ports on OpenBSD 3.2)
> Keep in mind the ports version is 1.8.6, not that this is bad but just
> remember that.
>
> > 1.  The machine I am installing on is a web server that is also configured
> > as a firewall to an internal network, but I am more interested in the
> > traffic that comes into the server (not into the internal network).  If this
> > is so, do I configure the $HOME_NET and $EXTERNAL_NET IP addresses both to
> > be the IP address of the server?
> No. The external net means machines that don't belong to your network, that
> are not friends, that you want to activate snort signature matching for.
> So in your case $HOME_NET will be <visible external ip address>
>  $EXTERNAL_NET will be ! $HOME_NET.
> One thing you would want to know here is packets from your internal network
> destined to the machine external IP (which should not happen) will be
> processed by snort.
> If you want to monitor your internal users then $HOME_NET should have both
> IPs.
>
> there is a sample snort.conf file, you should find it in
> /usr/local/share/examples/snort
> there is also a collection of rules
> pkg_info snort | more should help
>
> >
> > 2.  I can't find the sql statements to create the tables snort needs to put
> > the logs into a mysql database anywhere - nothing showed up in the install
> > directory.
> >
> Read the README file for flags to compile the port with SQL support.
> In any case, if you don't find a file called snortdb.sql or such then get it
> from snort's website for the same version to ensure DB schema did not
> change, and then execute it.
> For MySQL:
> mysql -u user -p
> mysql>create database snort;
> mysql>quit
> #mysql -u user -p snort < snortdb.sql
> Make sure you give permissions to the snort user to connect, write to the
> DB.
>
> If you are thinking about logging to a DB because you want to run ACID, that
> is an excellent choice. But I would like to promote a software I wrote
> (currently win32) that can read snort XML logs. Screen shot is @
> http://www.maximumunix.org/images/ScreenShotSnort.jpg
> I am almost done porting it to Unix, my test environment is OpenBSD 3.2 so
> you will feel right at home.
> Get snort working and try logging to XML while I am finishing up :-)
>
> > Any help would be much appreciated!
> >
> > Thanks
>
>
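
The $HOME_NET / $EXTERNAL_NET advice in the reply above, worked through as an added example that is not part of the original thread: a simplified Python model (not Snort's own parser) of how a rule headed `$EXTERNAL_NET any -> $HOME_NET any` selects packets under the two settings discussed. All addresses are constructed documentation values and the function names are hypothetical.

```python
import ipaddress

def parse_var(value, variables):
    """Resolve a snort.conf-style address value into (negated, networks)."""
    value = value.strip()
    negated = value.startswith("!")
    if negated:
        value = value[1:].strip()
    if value.startswith("$"):                      # reference to an earlier var
        inner_negated, nets = variables[value[1:]]
        return (negated != inner_negated, nets)
    items = value.strip("[]").split(",")           # single CIDR or [a,b] list
    return (negated, [ipaddress.ip_network(i.strip()) for i in items])

def load(conf_lines):
    """Parse 'var NAME value' lines in order, as snort.conf declares them."""
    variables = {}
    for line in conf_lines:
        _, name, value = line.split(None, 2)
        variables[name] = parse_var(value, variables)
    return variables

def in_var(addr, var):
    negated, nets = var
    hit = any(ipaddress.ip_address(addr) in n for n in nets)
    return hit != negated

def inspected(src, dst, variables):
    """True if a rule '$EXTERNAL_NET any -> $HOME_NET any' covers the packet."""
    return (in_var(src, variables["EXTERNAL_NET"])
            and in_var(dst, variables["HOME_NET"]))

# Constructed sample: server external IP 192.0.2.10, internal IP 10.0.0.1.
SERVER_ONLY = load(["var HOME_NET 192.0.2.10/32",
                    "var EXTERNAL_NET !$HOME_NET"])
BOTH_IPS = load(["var HOME_NET [192.0.2.10/32,10.0.0.1/32]",
                 "var EXTERNAL_NET !$HOME_NET"])

PACKETS = [
    ("198.51.100.7", "192.0.2.10"),  # Internet host -> external IP
    ("10.0.0.50", "192.0.2.10"),     # internal client -> external IP
    ("10.0.0.50", "10.0.0.1"),       # internal client -> internal IP
]

def demo():
    return {name: [inspected(s, d, v) for s, d in PACKETS]
            for name, v in (("server_only", SERVER_ONLY),
                            ("both_ips", BOTH_IPS))}

if __name__ == "__main__":
    for name, results in demo().items():
        print(name, results)
```

With only the external IP in $HOME_NET, the internal client is still treated as external when it targets that IP, which is the caveat the reply raises; adding the internal IP extends inspection to traffic aimed at the internal interface.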




