[Snort-users] Creating a PostgreSQL database for snort on Debian system
wkitty42 at ...14940...
Mon Jan 21 20:49:38 EST 2013
On 1/21/2013 17:18, giulia603 at ...16050... wrote:
> I was following the guide on this link:
> but when I run this command
> $ zcat /usr/share/doc/snort-pgsql/create_postgresql.gz | psql snort
> I'm getting an error: it seems it doesn't recognize the package "create ".
> Moreover I don't have the ~$ sudo nano /etc/snort/database.conf file.
> I've looked a lot around the web about this problem but I'm still in trouble.
> Is the guide that I'm using out of date?
> What am I doing wrong?
is that guide using barnyard2 for the database populating? if not, then it is
likely out of date... snort doesn't talk to databases directly any more... it
needs to spend time sniffing the data stream and posting alerts to the alert
files... barnyard2 will then read those alert files and properly add the alerts
to the database being used...

by using this method, if the database cannot be contacted for some reason, snort
can keep on doing its job instead of not sniffing while waiting on the database...