[Snort-users] Snort Archive Database Creation Script
charles.heselton at ...11827...
Sat Jul 31 00:03:00 EDT 2004
On Sat, 31 Jul 2004 01:42:38 -0500, Paul Schmehl <pauls at ...6838...> wrote:
> --On Friday, July 30, 2004 5:52 PM -0700 Charles Heselton
> <charles.heselton at ...11827...> wrote:
> > Hi all. Don't know if this question has been asked before. I wasn't
> > able to find too much on google or the list archive.
> > I would like to be able to archive events picked up by my snort IDSs.
> > Now, I know that ACID has this functionality. But I also know that
> > you have to have the database backend. Does anyone know if 1) the DB
> > setup script that comes with the snort package will work for the
> > "snort-archive" db?
> Yes, it will, but first you have to create the database.
> > or 2) if there's a snort-archive db setup script
> > that I missed in the package?
> No, there is not.
> > or 3) is there a 3rd-party script somewhere
> > out there in userland?
> There could be, but I'm not aware of one.
> > I'm not the most savvy mysql DBA, so it
> > would be non-trivial for me to try to set up the db myself.
> Then you're going to have to start reading. Mysql.com has very good
> documentation, or you can buy a book on mysql.
> To create a database, you log in to mysql:
> % mysql -u root -p (you'll be prompted for the password)
> Once you've logged in successfully, you'll need to create the database:
> mysql > create database snort_archive; (or whatever you want to name it)
> Then you have to grant rights to the database to the user that will be
> logging in:
> mysql > grant select,insert,create,delete on snort_archive.* to
> user at ...274...;
> Then exit:
> mysql > quit;
> Then you can create the tables for the database like this:
> % mysql -u root -p snort_archive < /path/to/create_mysql
> The create_mysql script comes with the snort distribution.
> > Any guidance would be appreciated.
> Hope this helps.
> Paul Schmehl (pauls at ...6838...)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
Paul, those were exactly the steps that I followed, but I gleaned the
instructions from this site:
Worked like a charm. I just had to give google the right search
string. Thanks for the tips tho. ;)
Network Security Engineer
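
The steps quoted above, scripted as an added example that is not part of the original thread or of the Snort distribution. It checks the names before they reach a root mysql session, which also catches the hyphenated "snort-archive" spelling that MySQL will not accept unquoted. The function names, the account archive_user and the host localhost are hypothetical, and the account is assumed to exist already.

```shell
#!/bin/sh
# Added example: render the SQL for the archive database described in the thread.
# Database name, account and host are caller-supplied, hypothetical values.

# Database and account names: letters, digits and underscore only.
# "snort-archive" fails here; unquoted, MySQL would not parse the hyphen as part of the name.
valid_ident() {
    case "$1" in
        ""|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Host part of the account: hostname or IP characters only, no quotes or spaces.
valid_host() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the CREATE DATABASE and GRANT statements from the thread.
# Prints nothing on stdout and returns 1 if any argument is rejected.
render_archive_sql() {
    db=$1
    user=$2
    host=$3
    valid_ident "$db"   || { echo "rejected database name: $db" >&2; return 1; }
    valid_ident "$user" || { echo "rejected account name: $user" >&2; return 1; }
    valid_host "$host"  || { echo "rejected host: $host" >&2; return 1; }
    printf 'CREATE DATABASE %s;\n' "$db"
    printf "GRANT SELECT,INSERT,CREATE,DELETE ON %s.* TO '%s'@'%s';\n" \
        "$db" "$user" "$host"
}

# Usage (not executed here, it needs a running MySQL server):
#   render_archive_sql snort_archive archive_user localhost | mysql -u root -p
#   mysql -u root -p snort_archive < /path/to/create_mysql
```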