Thursday, January 19, 2012


Here I have shown how to prepare mysql to work with Snort.  Assuming mysql is already installed.
root@snortbox:/store/snort/src/snort-2.9.1# mysql -u root -p
Enter password:
mysql> show databases;
| Database                     |
| information_schema     |
| mysql                         |

2 rows in set (0.01 sec)
Now let us create the MySQL database and tables in order to receive the Snort logs:
mysql> create database snort;
Query OK, 1 row affected (0.01 sec) Since it is dangerous to access the database with the root user, we need to create a user who has only permissions on the snort database:
mysql> grant all on snort.* to snortuser@localhost identified by 'snortpassword';
Query OK, 0 rows affected (0.01 sec)
Now to reload mysql privileges.
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql> exit;
Now we will import the mysql schema which snort knows to use.
root@snortbox:/store/snort/src/snort-2.9.1/schemas# ls
create_db2    create_mysql       create_postgresql
create_mssql  create_oracle.sql  Makefile 
root@snortbox:/store/snort/src/snort-2.9.1/schemas# mkdir /usr/share/doc/snort-mysql/
root@snortbox:/store/snort/src/snort-2.9.1/schemas# cp create_mysql /usr/share/doc/snort-mysql/
Manual installation
#mysql -u root -p snort < schemas/create_mysql

No comments:

Post a Comment