Re: [Snort-inline-users] Mysql here - Snort Inline there

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

make clean

then run

./configure --enable-inline --enable-clamav --with-mysql=3D/usr/include/mys=
ql

or whatever

Regards,

Will
On 8/22/05, Holger Moskopp <gan...@mo...> wrote:
> After may tests on the TTY i wanted to conect Snort-inline with the
> mysqldatabase.But i got a strange screen while starting snort-inline afte=
r
> changin the snort_inline.conf.
>=20
> I added:
>=20
> ### MYSQL Datenbankort
> output database: log, mysql, user=3Dsnort password=3D<THEPASSWORD>
> dbname=3Dsnort host=3D<IP-in-INTERN-NET>
>=20
> and i got that screen:
>=20
> .
> .
> .
> .
> database: 'mysql' support is not compiled into this build of snort
>=20
> ERROR: If this build of snort was obtained as a binary distribution
> (e.g., rpm,
> or Windows), then check for alternate builds that contains the necessary
> 'mysql' support.
>=20
> If this build of snort was compiled by you, then re-run the
> the ./configure script using the '--with-mysql' switch.
> For non-standard installations of a database, the '--with-mysql=3DDIR'
> syntax may need to be used to specify the base directory of the DB instal=
l.
>=20
> See the database documentation for cursory details (doc/README.database).
> and the URL to the most recent database plugin documentation.
> Fatal Error, Quitting..
> database: compiled support for ( )
> database: configured to use mysql
>=20
>=20
>=20
>=20
> I compiled it again with --enable-mysql=3D/usr/include/mysql
>=20
> but that got brought the same error.
>=20
> As i said, it is a Debian sarge 3.1 and i apt-geted the Packet
> libmysqlclient14-dev
>=20
> I was wondering because i got no error while compailation.
> Do i need anything else?
>=20
> Or did i use the wrong path in Debian?
> On what file is snort_inline aiming while compalation?
>=20
> How know snort-inline that it have to crate a table in the Mysql
> database? Up to now i only created an empty Database
> with the rights for Snort-inline.
>=20
> Thank you
> Best regards
> Holger
>=20
>=20
>=20
>=20
>=20
>=20
>=20
>=20
> Will Metcalf schrieb:
>=20
> >snort-inline supports logging to a database, just copy the line that
> >deals with database output from snort.conf to snort-inline.conf and
> >modify it fit your environment.
> >
> >Regards,
> >
> >Will
> >
> >On 8/19/05, Holger Moskopp <gan...@mo...> wrote:
> >
> >
> >> Hello,
> >>
> >> my Name is Holger Moskopp, i=B4m student at the
> >> FH-Cologne and working on my thesis. The topic is,
> >> to build a security solution for an experimantalnetwork
> >> with special consideration of VoIP aplications
> >> (for that is the DMZ with a SIP/RTP proxy)
> >>
> >> Im also new to that Mailinglist, and i never was before
> >> Member of a Mailinglist.
> >>
> >> I have a separate computer with three Ethernetcards as Firewall.
> >> eth0 for the external net eth2 for the internal net eth1 for my DMZ
> >> On that Computer i installed snort-inline.2.2.0a
> >>
> >> I want to send all the snort-inline logs to a MYSQL database in the
> >> internal net. So i configured snort-inline like that:
> >>
> >> ./configure --/prefix=3D/opt/snort-inline/
> >> --with-libipq-includes=3D/usr/include/libipq
> >> --enable-flexresp
> >> --enable-inline
> >> --enable-clamav
> >> --with-mysql
> >>
> >> all went well with the make and make install.
> >>
> >> I copied all files from /etc and the rules.
> >>
> >> But how can i say snort-inline, where the mysql database is?
> >> There is a snort.conf and a snort-inline.conf.
> >> In the snort.conf is a posiblity to tell snort a output database.
> >> But not in the snort-inline.conf.
> >> Have i to do it in the snort.conf, or have i to copy that line in
> >> the snort-inline.conf - is the snort.conf needed?
> >> If yes - take all changings there the same effect like in
> >> several Howtos described?
> >>
> >>
> >> Thank You
> >> Best regards
> >> Holger Moskopp
> >>
> >>
> >>
> >>
> >>
> >
> >
> >
>=20
>