From: Holger M. <gan...@mo...> - 2005-08-19 08:44:00

Hello,

my name is Holger Moskopp, I'm a student at the FH-Cologne and working on my thesis. The topic is to build a security solution for an experimental network with special consideration of VoIP applications (for that is the DMZ with a SIP/RTP proxy).

I'm also new to this mailing list, and I have never been a member of a mailing list before.

I have a separate computer with three Ethernet cards as firewall:
eth0 for the external net
eth2 for the internal net
eth1 for my DMZ
On that computer I installed snort-inline.2.2.0a

I want to send all the snort-inline logs to a MySQL database in the internal net. So I configured snort-inline like this:

./configure --prefix=/opt/snort-inline/ \
    --with-libipq-includes=/usr/include/libipq \
    --enable-flexresp \
    --enable-inline \
    --enable-clamav \
    --with-mysql

All went well with the make and make install.

I copied all files from /etc and the rules.

But how can I tell snort-inline where the MySQL database is? There is a snort.conf and a snort-inline.conf. In the snort.conf there is a possibility to tell snort an output database, but not in the snort-inline.conf. Do I have to do it in the snort.conf, or do I have to copy that line into the snort-inline.conf - is the snort.conf needed? If yes - do all changes there have the same effect as described in several howtos?

Thank you
Best regards
Holger Moskopp

From: Will M. <wil...@gm...> - 2005-08-19 14:33:22

snort-inline supports logging to a database, just copy the line that deals with database output from snort.conf to snort-inline.conf and modify it to fit your environment.

Regards,

Will

From: Holger M. <gan...@mo...> - 2005-08-22 18:51:55

After many tests on the TTY I wanted to connect snort-inline with the MySQL database. But I got a strange screen while starting snort-inline after changing the snort_inline.conf.

I added:

### MySQL database location
output database: log, mysql, user=snort password=<THEPASSWORD> dbname=snort host=<IP-in-INTERN-NET>

and I got this screen:

.
.
.
.
database: 'mysql' support is not compiled into this build of snort

ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm,
or Windows), then check for alternate builds that contains the necessary
'mysql' support.

If this build of snort was compiled by you, then re-run the
the ./configure script using the '--with-mysql' switch.
For non-standard installations of a database, the '--with-mysql=DIR'
syntax may need to be used to specify the base directory of the DB install.

See the database documentation for cursory details (doc/README.database).
and the URL to the most recent database plugin documentation.
Fatal Error, Quitting..
database: compiled support for ( )
database: configured to use mysql

I compiled it again with --enable-mysql=/usr/include/mysql

but that brought the same error.

As I said, it is a Debian sarge 3.1 and I apt-geted the package libmysqlclient14-dev

I was wondering because I got no error during compilation.
Do I need anything else?

Or did I use the wrong path in Debian?
What file is snort_inline aiming at during compilation?

How does snort-inline know that it has to create a table in the MySQL database? Up to now I only created an empty database with the rights for snort-inline.

Thank you
Best regards
Holger

From: Will M. <wil...@gm...> - 2005-08-22 19:14:53

make clean

then run

./configure --enable-inline --enable-clamav --with-mysql=/usr/include/mysql

or whatever

Regards,

Will

From: Holger M. <gan...@mo...> - 2005-08-24 12:27:55

Hi,

now snort-inline communicates with the MySQL database on the computer in the internal net. :)

The problem was the libmysqlclient14-dev. I also "apt-geted" the libmysqlclient10-dev and after that it worked.

Thanks for your help

Best regards
Holger

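Added example, not part of the original thread and not snort-inline's own code: a shell check that reads captured snort-inline startup output and reports whether the backend requested by the "output database" line is among those compiled into the binary, using the two "database:" lines quoted in the thread. The function name and the successful-build sample are constructed; the sample assumes compiled backends are listed by name inside the parentheses.

```shell
#!/bin/sh
# Added example: detect the build problem from this thread in captured
# snort-inline startup output (read from stdin).
# Return codes: 0 = configured backend is compiled in, 1 = it is missing,
#               2 = the expected "database:" lines were not found.
check_db_support() {
    out=$(cat)
    printf '%s\n' "$out" | grep -q '^database: compiled support for (' || return 2
    # Text between the parentheses; blank when nothing is compiled in.
    compiled=$(printf '%s\n' "$out" |
        sed -n 's/^database: compiled support for (\(.*\)).*$/\1/p' | head -n 1)
    compiled=$(echo $compiled)   # unquoted on purpose: trims surrounding blanks
    # Backend requested by the "output database:" line in the config file.
    wanted=$(printf '%s\n' "$out" |
        sed -n 's/^database: configured to use \([A-Za-z0-9_]*\).*$/\1/p' | head -n 1)
    [ -n "$wanted" ] || return 2
    for name in $compiled; do
        if [ "$name" = "$wanted" ]; then
            echo "ok: '$wanted' support is compiled in"
            return 0
        fi
    done
    echo "missing: '$wanted' configured, compiled support: ${compiled:-none}"
    echo "hint: configure found no usable client headers; make clean and rebuild"
    return 1
}

# The "database:" lines as they appear in the thread.
SAMPLE_FAILED="database: 'mysql' support is not compiled into this build of snort
Fatal Error, Quitting..
database: compiled support for ( )
database: configured to use mysql"

# Constructed sample (assumption: backends are listed by name in the parentheses).
SAMPLE_OK="database: compiled support for ( mysql )
database: configured to use mysql"

printf '%s\n' "$SAMPLE_FAILED" | check_db_support || echo "exit status $?"
```

Feed the function the startup output of the freshly built binary on stdin; a non-zero status catches a build that compiled cleanly but silently dropped database support, which is the case described in the thread.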