Wondering if anyone has managed to get Snort working on Fedora 12?
Here are the packages I have installed:
I've managed, from what I can tell, to get snortd/mysql and BASE installed and working to some extent. I can see Snort is logging to /var/log/snort/alert, so it is recording, and I can access the snort DB in MySQL. BASE loads fine except it's not showing any data.
Thinking it must be a permissions issue somewhere, or Snort isn't storing the data properly in MySQL.
I've checked my Apache logs and Snort logs and can't find any issues anywhere.
I have gotten it to work on Fedora 10, 11, and now 12 without any issues.
I guess the first question is: where did you get the RPM that you are using to install from?
I did, however, end up having to build it from scratch, as some functionality was not included in the RPM build from Fedora (yum) or the RPM build from Snort. The RPM made a difference because not all the RPMs have SQL enabled, and other functionalities are not enabled by default.
Also, I do not log from Snort directly to SQL, but rather log to unified2 format and then use Barnyard2 to get the events into SQL, which BASE can then view.
This part can also be tricky, as having some functionalities enabled in the RPM snortd interfered with the logging. I never figured out why.
Snort and MySQL were both yum packages. BASE was the only thing I downloaded as an RPM, but even that still needed me to download base_state_citems.inc.php to get BASE to display properly.
So are you suggesting I install Snort from RPM rather than from a yum repo?
OK, this is now fixed: re-installed Snort from source rather than from an RPM. BASE is not reporting, which is good.
Now reporting, sorry.
If using Snort and logging directly to SQL, make sure to install snort-mysql:
Name : snort-mysql
Arch : i586
Version : 18.104.22.168
Release : 1.fc11
Size : 344 k
Repo : updates
Summary : Snort with Flexible Response
URL : http://www.snort.org
License : GPLv2
Description: Snort compiled with mysql support
Otherwise, log to unified2 format and use Barnyard to move the events from the unified2 logs to MySQL; then you don't need to rebuild or reinstall Snort.
Finally, if you want to use the dynamic detection functionality of Snort, you may need to build your own Snort (I never got it to work with RPMs).
Hope this helps and/or makes sense.
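The unified2 plus Barnyard2 pipeline that both replies above recommend, written out as an added configuration example (not either poster's own config): the paths, sensor name, interface, database name, user and password are assumed placeholders.

```conf
# --- snort.conf fragment (added example) ---
# Write events as unified2 files instead of using the "output database" plugin,
# so the snort binary itself needs no MySQL support compiled in.
output unified2: filename snort.u2, limit 128

# --- barnyard2.conf fragment (added example) ---
# Barnyard2 reads the unified2 files and inserts the events into the BASE
# database. Map files are needed to resolve gen/sid numbers to rule messages.
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map
config hostname:   sensor1          # placeholder sensor name
config interface:  eth0             # placeholder sniffing interface
input unified2
# Database credentials are placeholders; give this DB user only INSERT/SELECT
# on the snort schema rather than reusing the MySQL root account.
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=localhost

# Run barnyard2 in continuous mode against the snort log directory; the waldo
# file records how far it has read so restarts do not re-insert old events:
#   barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 \
#             -w /var/log/snort/barnyard2.waldo
```

If BASE stays empty, check the barnyard2 console output first: a permission error on /var/log/snort or a rejected MySQL login shows up there rather than in the Apache or Snort logs.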