[Snort-users] SNORT (Linux) / MySQL (Win32)

M. Salman Farisi msalmanf at ...11176...
Tue Feb 10 16:45:00 EST 2004


I've tried the RPMs of Snort, but there were problems:

When I tried to restart snortd: /etc/init.d/snortd restart [FAILED]
When I test snort: snort -T -c /etc/snort/snort.conf it said:

ERROR : /etc/snort/snort.conf(285) =>invalid file name for IIS Unicode Map
file, Fatal Error, Quitting..

Do the RPM packages create the database automatically? What should I do
then?
I have checked the mysql database for user snort, but no database was created
after the installation.

Please help me...
Thank you


On Tue, 10 Feb 2004, JP Vossen wrote:

> > From: "MVIBE" <mvibe at ...11173...>
> > To: <snort-users at lists.sourceforge.net>
> > Date: Mon, 9 Feb 2004 17:47:23 -0600
> > Subject: [Snort-users] SNORT (Linux) / MySQL (Win32)
> >
> > To keep it simple. I have a small network. MySQL is active on a WIN32 Box,
> > has been for sometime now for some web development. I am interested in
> > running SNORT, but wish to do this from one of my Linux Firewall. I know
> > that to compile SNORT with MySQL support I am to use the --with-mysql
> > configure switch.
>
> OK, first, ideally a firewall is JUST a firewall.  I know there is a great
> temptation to run Snort on it, since it's in a perfect place.  Be aware that
> you are adding complexity and potentially reducing the security of the
> firewall if you do this.  In some (perhaps many) cases running Snort on the FW
> may be entirely justified.
>
> Second, please tell me you don't have a compiler on the firewall!  If you do,
> remove it.  A firewall should be just a firewall, and having a compiler on it
> opens up all kinds of Evil Things should the box ever be compromised.  The
> theory is that an Evil Cracker can download and compile all sorts of nasty
> things, so don't have a compiler on a security device.  The same argument may
> be made for lots of other things, like Perl...  YMMV, evaluate your risk, etc.
> In general, the first principle of hardening (and what should be more hardened
> than the firewall?) is--if it ain't installed it can't be cracked.  Less is
> much better.
>
>
> > The problem I am encountering is that for this switch to work, ./configure
> > needs to find the mysql.h header file.
>
> <snip>
>
> > What am I missing, Is this possible (ie running SNORT on Linux with MySQL on
> > Win32)?
>
>
> Yes.  My recommendation is to use the Snort RPMs (but I'm biased).  See
> http://www.starken.com/snort/ for the latest RPMs that have not made it to the
> Snort.org site yet.
>
> Install snort and snort-mysql on the firewall (shudder) and you're all set.
>
> Later,
> JP
> ------------------------------|:::======|--------------------------------
> JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
> My Account, My Opinions       |=========|       http://www.jpsdomain.org/
> ------------------------------|=========|--------------------------------
> You used to have to reboot the Windows 9.x series every couple of days
> because it would crash.  Now you have to reboot Windows 200x or XP every
> couple of days because of a patch.  How is that better or more stable?