Snort

From Ilianko
Revision as of 06:51, 18 July 2013 by Anko (talk | contribs) (→‎OS)

1. Кво е снорт?!

  • NIDS

2.

OS

Debian 7.1.0 wheezy on VirtualBox 4.2.16


Preapration

build-essential php5 php5-mysql


Barnyard

Output spool reader for Snort! This program decouples output overhead from the Snort network intrusion detection system and allows Snort to run at full speed. It takes input and output plugins and can therefore be used to convert almost any spooled fil

wget http://sourceforge.net/projects/barnyard/files/latest/download
tar -xf download
cd barnyard
apt-get install libmysqlclient-dev
./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu/ --with-mysql-includes=/usr/include/
make
make install
cp /root/barnyard-0.2.0/etc/barnyard.conf /etc/snort/


output database: log, mysql, user=snort password=<mypassword> dbname=snort host=localhost