|
|
|
|
Snort Forums Archive
Archive Home » Snort Newbies » Basic question about snort and my sql
Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.
[ Notice: Full Version of This Topic ]
Basic question about snort and my sql
Posted by mangood on March 15, 2005 21:16:15
Hi Everyone
|
|
Posted by Mafzal on June 26, 2006 06:58:06
for snort to work, do i have to install mysql too?
please pardon me if it is too silly question.
thanks
|
|
Posted by lukeBFTH on June 27, 2006 00:42:14
No. It is not necessary to install MySql database. Snort will be writes alerts to /var/log/snort/alert file. If directory /var/log/snort does not exists create it and change the user/group of it to snort user "snort"
(#chown -v snort.snort /var/log/snort) |
|
Posted by rugwest on June 28, 2006 16:29:14
What's the benefit of writing to a database instead of log files? |
|
Posted by lukeBFTH on June 29, 2006 00:48:05
The benefit - you can manage yours logs and alerts in simple and comfortable way.
Network(s) <-- Snort(s) --> MySql with snort database <-- WWW server with BASE interface
So you may then type in your browser http://www-server/base/ and manage your logs (sort,delete,e-mail,graph,color,read more about alerts in the same browser)
Ofcourse, you may use some scripts (Perl,bash) and generate also usefull information from log files (i.e. snort_stat.pl) |
|
|
|
|
|
