vibidoo Guru
Joined: 27 Nov 2002 Posts: 409
Posted: Fri Feb 07, 2003 12:26 pm Post subject: Snort ACID, output plugin to database
Hello,
After a 4-day headache getting Apache + PHP4 + MySQL working well, I am now battling with the Snort database output plugin for ACID.
I created the databases snort_log and snort_archive,
and used acid_db_setup.php to create the tables.
Now in snort_log I have the following tables: acid_ag, acid_ag_alert, acid_event, acid_ip_cache.
I created the snort table in the snort_log database.
I granted permission for my Snort PC to connect to the MySQL database.
My acid_main.php page is fine; I have no errors when I open it.
So I configured snort.conf:
Code: |
output log_tcpdump: tcp_snort.log # alert on localhost machine
output database: log, mysql, user=root password=rootpass \
    dbname=snort_log host=mysql_pc.mydomain.com
|
And when I run Snort I get the following error:
Code: |
Warning : command line overrides rules file alert plugin!
|
If I comment out the output database line, the warning disappears.
So do I have to recompile Snort with the database options?
But how do I specify the directory, given that my database is on the LAN?
Code: |
snort-1.9.0 # ./configure --with-mysql=/mysql_pc.mydomain.com/usr/mysql
|