[Snort-users] Is there not a database schema in Snort Source for Snort?

waldo kitty wkitty42 at ...14940...
Sun Sep 14 13:10:41 EDT 2014


On 9/14/2014 12:02 AM, Jutichai Thongkrachai wrote:
> Hello,
> I'm just curious
>
> I try to set up Snort with Barnyard2 and Snorby as this links:
> http://monkeyadmin.blogspot.com/2010/09/installing-snort-mysql-and-snorby-on.html

that tutorial is 4 years old...

> I do until the step that add the schema to the snort database but there is not a
> file that contain a bunch of sql command to create a schema at my Snort source
> directory ( /usr/local/src/snort-2.9.6.2)

i'm going to make a eWAG that the tutorial is operating on the assumption that 
snort talks to databases... back then it may have done so but there were 
numerous problems so the task of placing alerts into a database was removed and 
delegated to other tools... the main thing that this did was to enable snort to 
concentrate on snorting the network traffic instead of having to deal with 
database problems...

the solution is to use a tool like barnyard2 to read snort generated binary 
unified2 files and have barnyard2 put those alerts into the database for other 
tools like snorby to read and process...

in short, find another tutorial that uses barnyard2 with snort and snorby... 
preferably one that is less than 2 years old... i say two years because it has 
been at least that long since snort stopped talking to databases, IIRC...

-- 
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.




More information about the Snort-users mailing list