From: Holger M. <gan...@mo...> - 2005-08-22 18:51:55
After many tests on the TTY I wanted to connect Snort-inline with the MySQL database. But I got a strange screen while starting snort-inline after changing the snort_inline.conf.

I added:

    ### MYSQL database location
    output database: log, mysql, user=snort password=<THEPASSWORD> dbname=snort host=<IP-in-INTERN-NET>

and I got this screen:

    . . . .
    database: 'mysql' support is not compiled into this build of snort

    ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm, or Windows), then check for alternate builds that contains the necessary 'mysql' support.
    If this build of snort was compiled by you, then re-run the the ./configure script using the '--with-mysql' switch.
    For non-standard installations of a database, the '--with-mysql=DIR' syntax may need to be used to specify the base directory of the DB install.
    See the database documentation for cursory details (doc/README.database). and the URL to the most recent database plugin documentation.
    Fatal Error, Quitting..
    database: compiled support for ( )
    database: configured to use mysql

I compiled it again with --enable-mysql=/usr/include/mysql but that brought the same error. As I said, it is a Debian sarge 3.1 and I apt-get'ed the package libmysqlclient14-dev.

I was wondering, because I got no error during compilation. Do I need anything else? Or did I use the wrong path in Debian? Which file is snort_inline aiming at during compilation?

How does snort-inline know that it has to create a table in the MySQL database? Up to now I have only created an empty database with the rights for Snort-inline.

Thank you
Best regards
Holger

Will Metcalf wrote:

>snort-inline supports logging to a database, just copy the line that
>deals with database output from snort.conf to snort-inline.conf and
>modify it to fit your environment.
>
>Regards,
>
>Will
>
>On 8/19/05, Holger Moskopp <gan...@mo...> wrote:
>
>> Hello,
>>
>> my name is Holger Moskopp, I'm a student at the
>> FH-Cologne and working on my thesis. The topic is
>> to build a security solution for an experimental network
>> with special consideration of VoIP applications
>> (for that is the DMZ with a SIP/RTP proxy).
>>
>> I'm also new to this mailing list, and I was never before
>> a member of a mailing list.
>>
>> I have a separate computer with three Ethernet cards as firewall:
>> eth0 for the external net, eth2 for the internal net, eth1 for my DMZ.
>> On that computer I installed snort-inline.2.2.0a
>>
>> I want to send all the snort-inline logs to a MySQL database in the
>> internal net. So I configured snort-inline like this:
>>
>> ./configure --/prefix=/opt/snort-inline/
>>     --with-libipq-includes=/usr/include/libipq
>>     --enable-flexresp
>>     --enable-inline
>>     --enable-clamav
>>     --with-mysql
>>
>> All went well with the make and make install.
>>
>> I copied all files from /etc and the rules.
>>
>> But how can I tell snort-inline where the MySQL database is?
>> There is a snort.conf and a snort-inline.conf.
>> In the snort.conf there is a possibility to tell snort an output database.
>> But not in the snort-inline.conf.
>> Do I have to do it in the snort.conf, or do I have to copy that line into
>> the snort-inline.conf - is the snort.conf needed?
>> If yes - do all changes there have the same effect as described in
>> several HOWTOs?
>>
>> Thank you
>> Best regards
>> Holger Moskopp