[Snort-users] Snort Archive Database Creation Script

Charles Heselton charles.heselton at ...11827...
Sat Jul 31 00:03:00 EDT 2004


On Sat, 31 Jul 2004 01:42:38 -0500, Paul Schmehl <pauls at ...6838...> wrote:
> --On Friday, July 30, 2004 5:52 PM -0700 Charles Heselton
> <charles.heselton at ...11827...> wrote:
> 
> > Hi all.  Don't know if this question has been asked before.  I wasn't
> > able to find too much on google or the list archive.
> >
> > I would like to be able to archive events picked up by my snort IDSs.
> > Now, I know that ACID has this functionality.  But I also know that
> > you have to have the database backend.  Does anyone know if 1) the DB
> > setup script that comes with the snort package will work for the
> > "snort-archive" db?
> 
> Yes, it will, but first you have to create the database.
> 
> > or 2) if there's a snort-archive db setup script
> > that I missed in the package?
> 
> No, there is not.
> 
> > or 3) is there a 3rd-party script some
> > where out there in userland?
> 
> There could be, but I'm not aware of one.
> 
> >  I'm not the most savvy mysql DBA, so it
> > would be non-trivial for me to try to set up the db myself.
> >
> Then you're going to have to start reading.  Mysql.com has very good
> documentation, or you can buy a book on mysql.
> 
> To create a database, you log in to mysql:
> 
> % mysql -u root -p (you'll be prompted for the password)
> 
> Once you've logged in successfully, you'll need to create the database:
> 
> mysql > create database snort_archive; (or whatever you want to name it)
> 
> Then you have to grant rights to the database to the user that will be
> logging in:
> 
> mysql > grant select,insert,create,delete on snort_archive.* to
> user at ...274...;
> 
> Then exit:
> 
> mysql > quit;
> 
> Then you can create the tables for the database like this:
> 
> % mysql -u root -p snort_archive < /path/to/create_mysql
> 
> The create_mysql script comes with the snort distribution.
> 
> > Any guidance would be appreciated.
> >
> Hope this helps.
> 
> Paul Schmehl (pauls at ...6838...)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu
> 


Paul, those were exactly the steps that I followed, but I gleaned the
instructions from this site: 
http://www.bigwebmaster.com/General/Howtos/Snort-Statistics-HOWTO/configuration.html

Worked like a charm.  I just had to give google the right search
string.  Thanks for the tips tho.  ;)
-- 
Charlie Heselton
Network Security Engineer
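The create-database, grant and load-schema steps quoted from Paul's reply above, written up as a small POSIX shell script. This is an added example and is not part of the thread or of the Snort distribution. It assumes a database named snort_archive, an account snortarchive@localhost, and the schema file at /path/to/create_mysql (that file does ship with Snort); all three are placeholders. The script goes a little beyond the quoted steps by validating the database, user and host names before they are spliced into SQL, and by scoping the grant to the one database only.

```shell
#!/bin/sh
# Added example (not from the thread): builds the MySQL statements for the
# create-database / grant / load-schema steps quoted above, validating the
# names first so nothing unexpected is spliced into the SQL.
# Assumed names: database snort_archive, account snortarchive@localhost,
# schema path /path/to/create_mysql (the schema file ships with Snort).

# A database or account name may only be a plain identifier.
valid_ident() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Hosts may additionally contain dots, hyphens and MySQL's % wildcard.
valid_host() {
    case "$1" in
        ''|*[!A-Za-z0-9_.%-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the statements.  The grant is scoped to this one database (never *.*)
# and limited to the four privileges the quoted message names, so the account
# Snort/ACID logs in with cannot touch anything else on the server.
# On MySQL 8 the account must already exist (CREATE USER), since GRANT no
# longer creates accounts implicitly.
archive_sql() {
    db="$1"; user="$2"; host="$3"
    valid_ident "$db"   || { echo "rejected database name: $db" >&2; return 1; }
    valid_ident "$user" || { echo "rejected user name: $user" >&2; return 1; }
    valid_host  "$host" || { echo "rejected host: $host" >&2; return 1; }
    printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$db"
    printf "GRANT SELECT, INSERT, CREATE, DELETE ON %s.* TO '%s'@'%s';\n" \
        "$db" "$user" "$host"
    printf 'FLUSH PRIVILEGES;\n'
}

# Apply the statements as the MySQL admin user, then load Snort's schema into
# the new database.  -p prompts for the admin password rather than taking it
# on the command line, where it would be visible in process listings.
# The SQL is generated into a variable first so a validation failure is not
# masked by the pipeline's exit status.
apply_archive_setup() {
    db="$1"; user="$2"; host="$3"; schema="$4"
    [ -r "$schema" ] || { echo "schema file not readable: $schema" >&2; return 1; }
    sql=$(archive_sql "$db" "$user" "$host") || return 1
    printf '%s\n' "$sql" | mysql -u root -p || return 1
    mysql -u root -p "$db" < "$schema"
}

# Dry run (prints the SQL):
#   archive_sql snort_archive snortarchive localhost
# Apply against a live server:
#   apply_archive_setup snort_archive snortarchive localhost /path/to/create_mysql
```

Run `archive_sql` first to see exactly what will be sent to the server; `apply_archive_setup` prompts for the root password twice, once for the grant statements and once for loading the schema, the same as the two interactive steps in the quoted reply.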
