1. When compiling Snort, explicitly enable MySQL support and tell configure where MySQL is installed:
./configure --prefix=/opt/snort --enable-smbalerts --enable-inline --enable-clamav --enable-flexresp --with-mysql=/usr/local/mysql --with-snmp --with-openssl
2. Install MySQL into the /usr/local/mysql location referenced above:
./configure --prefix=/usr/local/mysql
3. Create the database, user and tables in MySQL.
First start MySQL: /etc/init.d/mysqld start
1) mysql -h localhost -u root -p  (enter the root password set during installation; leave it empty if none was set)
2)create database snort;
3)use snort
4) grant CREATE,INSERT,DELETE,UPDATE,SELECT on snort.* to user@localhost IDENTIFIED BY "password";
5) Locate the create_mysql file in the Snort source tree and use it to create the tables:
mysql -h localhost -u user -p snort < create_mysql
6) Locate the extra-table script snortdb-extra (shipped as snortdb-extra.zip; it contains a lot of port information and is included in the snort-2.0.0 release) and load it:
mysql -h localhost -u user -p snort < snortdb-extra
7) Edit the output configuration in snort.conf:
output database: alert, mysql, user=user password=password dbname=snort host=127.0.0.1
output database: log, mysql, user=user password=password dbname=snort host=127.0.0.1
8) Start Snort:
/opt/snort/bin/snort -c /etc/snort/snort.conf
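Step 7 puts the MySQL user name and password in plaintext into snort.conf, so it is worth checking those lines before deployment. The following audit script is an added example, not part of the original how-to or of Snort itself; it assumes the "output database:" line syntax shown above and flags a root DB user, an empty or placeholder password, and a non-local database host.

```shell
#!/bin/sh
# Added example: audit the "output database:" lines of a snort.conf for weak
# MySQL credential settings. Assumes the line format used in step 7:
#   output database: <alert|log>, mysql, user=... password=... dbname=... host=...

# Extract the value of key=value parameter $2 from the single line $1.
param() {
    printf '%s\n' "$1" | sed -n "s/.*[ ,]$2=\([^ ]*\).*/\1/p"
}

# Print one finding per weak setting found on the MySQL output lines of $1.
audit_snort_db_output() {
    grep -E '^[[:space:]]*output[[:space:]]+database:' "$1" | grep -E ',[[:space:]]*mysql[[:space:]]*,' |
    while IFS= read -r line; do
        user=$(param "$line" user)
        pass=$(param "$line" password)
        host=$(param "$line" host)
        if [ "$user" = root ]; then
            echo "root is used as the Snort DB user (grant a dedicated user instead): $line"
        fi
        case "$pass" in
            ''|password|snort) echo "empty or placeholder password for DB user '$user': $line" ;;
        esac
        case "$host" in
            127.0.0.1|localhost) ;;
            *) echo "DB host '$host' is not local; credentials travel over the network: $line" ;;
        esac
    done
}

# Constructed sample config fragment (hypothetical, for demonstration only).
write_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
output database: alert, mysql, user=user password=password dbname=snort host=127.0.0.1
output database: log, mysql, user=snortw password=Lq7-constructed-9x dbname=snort host=127.0.0.1
output database: log, mysql, user=root password=Ab12cd dbname=snort host=10.0.0.5
EOF
    printf '%s\n' "$f"
}

# Usage: audit the sample; the first and third lines each produce findings.
audit_snort_db_output "$(write_sample_conf)"
```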