[Snort-users] Creating a PostgreSQL database for snort on Debian system

waldo kitty wkitty42 at ...14940...
Mon Jan 21 20:49:38 EST 2013

On 1/21/2013 17:18, giulia603 at ...16050... wrote:
> I was following the guide on this link:
> http://raidersec.blogspot.it/2012/03/how-to-setup-and-configure-snort-for.html
> but when I run this command
> $ zcat /usr/share/doc/snort-pgsql/create_postgresql.gz | psql snort
> I'm getting an error: it seems it doesn't recognize the package "create ".
> Moreover I don't have the ~$ sudo nano /etc/snort/database.conf file.
> I've looked a lot around the web about this problem but I'm still in trouble.
> Is the guide that i'm using out of date?
> What am I doing wrong?

is that guide using barnyard2 for the database populating? if not, then it is 
likely out of date... snort doesn't talk to databases directly any more... it 
needs to spend time sniffing the data stream and posting alerts to the alert 
files... barnyard2 will then read those alert files and properly add the alerts 
to the database being used...

by using this method, if the database cannot be contacted for some reason, snort 
can keep on doing its job instead of not sniffing while waiting on the database...
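
The decoupling described in the reply above, as an added example that is not part of the original post and is not Snort or barnyard2 code: a sensor appends alerts to a spool file, and a separate forwarder loads them into a database, advancing its bookmark only after a successful commit. Assumptions: sqlite3 stands in for PostgreSQL, a JSON-lines file stands in for Snort's alert files, and every function name, file name and alert value is hypothetical.

```python
import json, os, sqlite3, tempfile

def sensor_write(spool, sid, msg):
    """Sensor side: append one alert to the spool file. It never touches the database."""
    with open(spool, "a", encoding="utf-8") as fh:
        fh.write(json.dumps({"sid": sid, "msg": msg}) + "\n")

def forward(spool, bookmark, connect):
    """Forwarder side: store unread alerts, return how many were stored. The bookmark
    (byte offset into the spool) moves only after a commit, so an outage loses nothing."""
    try:
        with open(bookmark, encoding="utf-8") as fh:
            offset = int(fh.read())
    except FileNotFoundError:
        offset = 0  # first run: start at the beginning of the spool
    with open(spool, "rb") as fh:
        fh.seek(offset)
        lines = [ln for ln in fh if ln.endswith(b"\n")]  # skip a half-written record
    if not lines:
        return 0
    try:
        db = connect()
        with db:  # one transaction: all rows commit or none do
            db.execute("CREATE TABLE IF NOT EXISTS event (sid INTEGER, msg TEXT)")
            db.executemany("INSERT INTO event VALUES (:sid, :msg)", map(json.loads, lines))
        db.close()
    except sqlite3.Error:
        return 0  # database unreachable: keep the bookmark, retry on the next pass
    with open(bookmark + ".tmp", "w", encoding="utf-8") as fh:
        fh.write(str(offset + sum(map(len, lines))))
    os.replace(bookmark + ".tmp", bookmark)  # atomic bookmark update
    return len(lines)

def database_down():
    raise sqlite3.OperationalError("constructed outage")

def demo():
    tmp = tempfile.mkdtemp()  # constructed run: outage, recovery, then an idle pass
    spool, mark, dbfile = (os.path.join(tmp, n) for n in ("alerts.spool", "bookmark", "events.db"))
    sensor_write(spool, 1000001, "constructed alert A")
    sensor_write(spool, 1000002, "constructed alert B")
    during_outage = forward(spool, mark, database_down)
    sensor_write(spool, 1000003, "constructed alert C")  # the sensor kept running
    up = lambda: sqlite3.connect(dbfile)
    after_recovery, idle = forward(spool, mark, up), forward(spool, mark, up)
    stored = sqlite3.connect(dbfile).execute("SELECT count(*) FROM event").fetchone()[0]
    return during_outage, after_recovery, idle, stored

if __name__ == "__main__":
    print(demo())
```

The first forwarding pass stores nothing while the database is down, and the pass after recovery stores all three alerts, including the one written during the outage.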

