ubuntu snort-mysql: Installing Snort on Ubuntu

Lab environment

1. Host: Pentium T4400 dual-core, 2.2 GHz

2. VM version: VMware Workstation 9.2

3. Linux distribution: Ubuntu 12.0

4. Linux kernel version: 3.16

5. Snort version: 2.9

Steps:

1. After installing Ubuntu, refresh the package lists: apt-get update;

2. Install the required software:

sudo apt-get install libpcap0.8-dev libmysqlclient1-dev mysql-client mysql-server bison flex apache2 libapache2-mod-php5 php5-gd php5-mysql libphp-adodb php-pear pcregrep snort snort-rules-default

During installation MySQL is configured; set the MySQL root password to: mysql (a lab-only password; use a strong one on any host reachable from the network). Snort's prompt for the home network address range can be left at its default.

3. Install snort-mysql:

apt-get install snort-mysql;

Then create the Snort database following the instructions shipped with the package.

(screenshot: creating the Snort database as described in the package documentation)

(screenshot: database creation, continued)

4. Edit the snort.conf configuration file:

(screenshot: snort.conf edits)

6. Edit the database.conf configuration file:

(screenshot: database.conf edits)

7. Test Snort:

sudo snort -c /etc/snort/snort.conf

(screenshot: Snort start-up banner with the pig logo)

If the little pig appears, Snort is running.

If instead you get the following:

$ sudo snort -c /etc/snort/snort.conf
[sudo] password for XXX:
Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/etc/snort/snort.conf"
PortVar 'HTTP_PORTS' defined :  [ 80 ]
PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined :  [ 1521 ]
PortVar 'FTP_PORTS' defined :  [ 21 ]
Tagged Packet Limit: 256
Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... done
Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//lib_sfdynamic_preprocessor_example.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dcerpc_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Log directory = /var/log/snort
database: must enter database name in configuration file
USAGE: database plugin
output database: [log | alert], [type of database], [parameter list]
[log | alert] selects whether the plugin will use the alert or
log facility.
For the first argument, you must supply the type of database.
The possible values are mysql, postgresql, odbc, oracle and
mssql
The parameter list consists of key value pairs. The proper
format is a list of key=value pairs each separated a space.
The only parameter that is absolutely necessary is "dbname".
All other parameters are optional but may be necessary
depending on how you have configured your RDBMS.
dbname - the name of the database you are connecting to
host - the host the RDBMS is on
port - the port number the RDBMS is listening on
user - connect to the database as this user
password - the password for given user
sensor_name - specify your own name for this snort sensor. If you
do not specify a name one will be generated automatically
encoding - specify a data encoding type (hex, base64, or ascii)
detail - specify a detail level (full or fast)
ignore_bpf - specify if you want to ignore the BPF part for a sensor
definition (yes or no, no is default)
FOR EXAMPLE:
The configuration I am currently using is MySQL with the database
name of "snort". The user "snortusr@localhost" has INSERT and SELECT
privileges on the "snort" database and does not require a password.
The following line enables snort to log to this database.
output database: log, mysql, dbname=snort user=snortusr host=localhost
ERROR: Fatal Error, Quitting..

then you most likely skipped step 6, editing database.conf. The fatal line "database: must enter database name in configuration file" means Snort reached an "output database:" directive whose parameter list has no dbname=... entry, which is exactly what the unedited file produces; the usage text Snort prints above is the format the line must follow, with dbname the only mandatory key.
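As an added check that is not part of the original post, the following POSIX sh script validates the "output database:" line before Snort is started, using the format rules from Snort's own usage text above (facility log or alert; database type one of mysql, postgresql, odbc, oracle, mssql; a space-separated key=value list in which dbname is mandatory). File paths and the sample configuration line are constructed for illustration; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the
# "output database:" directive in Snort 2.9's database.conf, so the
# "database: must enter database name in configuration file" fatal error
# is caught before Snort is launched.

# Validate one "output database:" line. Prints "ok" on success, otherwise a
# short reason, and returns non-zero on any problem.
check_output_database_line() {
    line=$1
    rest=${line#output database:}            # strip the directive prefix
    [ "$rest" != "$line" ] || { echo "not an output database line"; return 1; }

    facility=$(printf '%s' "$rest" | cut -d, -f1 | tr -d ' ')
    dbtype=$(printf '%s' "$rest" | cut -d, -f2 | tr -d ' ')
    params=$(printf '%s' "$rest" | cut -d, -f3-)   # empty when the list is missing

    case $facility in
        log|alert) ;;
        *) echo "facility must be log or alert, got '$facility'"; return 1 ;;
    esac
    case $dbtype in
        mysql|postgresql|odbc|oracle|mssql) ;;
        *) echo "unknown database type '$dbtype'"; return 1 ;;
    esac

    # Walk the key=value list; only the keys Snort documents are accepted,
    # and dbname must be present with a non-empty value.
    have_dbname=0
    for kv in $params; do
        case $kv in
            dbname=?*) have_dbname=1 ;;
            host=*|port=*|user=*|password=*|sensor_name=*|encoding=*|detail=*|ignore_bpf=*) ;;
            *) echo "unknown parameter '$kv'"; return 1 ;;
        esac
    done
    [ "$have_dbname" -eq 1 ] || { echo "dbname is required"; return 1; }
    echo ok
}

# Validate a whole database.conf: every non-blank, non-comment line must be
# a well-formed "output database:" directive, and there must be at least one.
check_database_conf() {
    file=$1
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;
        esac
        found=1
        check_output_database_line "$line" >/dev/null || return 1
    done < "$file"
    [ "$found" -eq 1 ]
}

# Usage (constructed sample; /etc/snort/database.conf is the real target):
#   check_database_conf /etc/snort/database.conf && sudo snort -c /etc/snort/snort.conf
```

The check is deliberately strict about parameter names because a misspelled key (for example "dbname " with a stray space, or "database=snort") is silently ignored by nothing in Snort; Snort simply reports the missing dbname and quits. Values containing spaces (a password with a space) would be split by the word-splitting loop, so quote-free values are assumed, as in the directive format Snort prints.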
