1. When running configure for Snort, enable MySQL support and point it at the MySQL install location (the --with-mysql path below must match the prefix used in step 2).

./configure --prefix=/opt/snort --enable-smbalerts --enable-inline --enable-clamav --enable-flexresp --with-mysql=/usr/local/mysql --with-snmp --with-openssl
 

2. Install MySQL into /usr/local/mysql, the location named in the --with-mysql option above.

./configure --prefix=/usr/local/mysql

 

3. Create the database, user and tables in MySQL

First start MySQL: /etc/init.d/mysqld start

1) mysql -h localhost -u root -p   (enter the root password set during installation; leave it empty if none was set)

2)create database snort; 

3)use snort

4)grant CREATE,INSERT,DELETE,UPDATE,SELECT on snort.* to user@localhost IDENTIFIED BY "password";

5) Find the create_mysql file in the Snort source tree (under schemas/) and use it to create the tables. The CREATE privilege granted in step 4 is what allows this user to create them:

 mysql -h localhost -u user -p snort < create_mysql

6) Find snortdb-extra.zip, which creates the supplementary tables (mostly port and service reference data); it ships with snort-2.0.0. Unpack it first, then load the extracted snortdb-extra file:

mysql -h localhost -u user -p snort < snortdb-extra

 

7) Edit the output section of snort.conf so that alerts and packet logs go to the database:

output database: alert, mysql, user=user password=password dbname=snort host=127.0.0.1
output database: log, mysql, user=user password=password dbname=snort host=127.0.0.1

Two caveats: the password is stored in clear text here, so snort.conf should be readable only by the account that runs Snort (chmod 600). And this output plugin exists only in Snort 2.x up to 2.9.2; later releases dropped it, and the supported path is to log unified2 and let Barnyard2 write to MySQL.

 

8) Start Snort

 

/opt/snort/bin/snort -c /etc/snort/snort.conf
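The script below is an added example, not code from the original page or from the Snort project. It performs the database half of the procedure above with two accounts instead of one: the schema is loaded as root (the only step that needs CREATE), while Snort itself runs as a separate account holding only INSERT, SELECT and UPDATE (UPDATE because the output plugin bumps sensor.last_cid). The output lines are written to a separate file created with mode 0600 that snort.conf can include, so the password never sits in a world-readable file, and a query is included for reading alerts back out of the event/signature/iphdr tables. The account name, the file paths, the snort-db.conf include file and the SNORT_DRYRUN switch are assumptions of this example; GRANT ... IDENTIFIED BY is the pre-MySQL-8.0 syntax that matches the page's era.

```shell
#!/bin/sh
# Added example (not the page's or Snort's own code): least-privilege MySQL
# backend setup for the Snort 2.x database output plugin.
# Assumptions: runtime account "snort", schema path under /usr/src/snort,
# output lines kept in /etc/snort/snort-db.conf, SNORT_DRYRUN=1 prints SQL
# instead of sending it to the server.

DB_NAME=${DB_NAME:-snort}
RUNTIME_USER=${RUNTIME_USER:-snort}
SCHEMA_FILE=${SCHEMA_FILE:-/usr/src/snort/schemas/create_mysql}   # assumed path
DB_CONF=${DB_CONF:-/etc/snort/snort-db.conf}                       # assumed path

# SQL for the database and the runtime account. Only INSERT/SELECT/UPDATE:
# CREATE is never given to the account Snort runs as. Single quotes in the
# password ($1) are doubled so the value cannot terminate the string literal.
gen_grant_sql() {
    pw=$(printf '%s' "$1" | sed "s/'/''/g")
    cat <<EOF
CREATE DATABASE IF NOT EXISTS $DB_NAME;
GRANT INSERT, SELECT, UPDATE ON $DB_NAME.* TO '$RUNTIME_USER'@'localhost' IDENTIFIED BY '$pw';
FLUSH PRIVILEGES;
EOF
}

# The two output lines from step 7, bound to the runtime account.
gen_output_conf() {
    cat <<EOF
output database: alert, mysql, user=$RUNTIME_USER password=$1 dbname=$DB_NAME host=127.0.0.1
output database: log, mysql, user=$RUNTIME_USER password=$1 dbname=$DB_NAME host=127.0.0.1
EOF
}

# Write the output lines to file $1 with password $2. umask 077 in a subshell
# means the file is private from the moment it is created, not only after chmod.
write_db_conf() {
    ( umask 077; gen_output_conf "$2" > "$1" )
    chmod 600 "$1"
}

# True when the file is readable and writable by its owner only (-rw-------).
conf_is_private() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Read alerts back: event -> signature for the rule name and priority,
# event -> iphdr for the addresses (stored as unsigned ints, hence INET_NTOA).
gen_recent_alerts_sql() {
    cat <<EOF
SELECT e.timestamp, s.sig_name, s.sig_priority,
       INET_NTOA(i.ip_src) AS src, INET_NTOA(i.ip_dst) AS dst, i.ip_proto
FROM event e
JOIN signature s ON s.sig_id = e.signature
JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
ORDER BY e.timestamp DESC LIMIT ${1:-20};
EOF
}

# Feed the SQL on stdin to the server as root; with SNORT_DRYRUN=1 just echo it.
run_sql_as_root() {
    if [ "${SNORT_DRYRUN:-0}" = 1 ]; then cat; else mysql -u root -p "$@"; fi
}

# The whole procedure: database and runtime account, schema loaded as root,
# output lines written to a private file that snort.conf then includes.
setup_snort_db() {
    pw=$1
    gen_grant_sql "$pw" | run_sql_as_root
    run_sql_as_root "$DB_NAME" < "$SCHEMA_FILE"
    write_db_conf "$DB_CONF" "$pw"
    echo "now add the line 'include $DB_CONF' to snort.conf"
}

# Usage: sh snort-db-setup.sh setup 'runtime-password'
if [ "${1:-}" = "setup" ]; then
    setup_snort_db "$2"
fi
```

Run it once as a user who can reach the MySQL root account; afterwards snort.conf needs only the `include` line, and the file holding the credentials stays at mode 0600. Export SNORT_DRYRUN=1 to see the exact SQL before it is sent.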