1. When compiling Snort, enable MySQL support explicitly and point it at the MySQL install location:
./configure --prefix=/opt/snort --enable-smbalerts --enable-inline --enable-clamav --enable-flexresp --with-mysql=/usr/local/mysql --with-snmp --with-openssl
2. Install MySQL into the /usr/local/mysql location referenced above:
./configure --prefix=/usr/local/mysql
3. Create the database, user and tables in MySQL.
First start MySQL: /etc/init.d/mysqld start
1) mysql -h localhost -u root -p
   Enter the root password set at installation; leave it empty if none was set.
2) create database snort;
3) use snort
4) grant CREATE,INSERT,DELETE,UPDATE,SELECT on snort.* to user@localhost IDENTIFIED BY "password";
5) Locate the create_mysql file in the Snort source tree and use it to create the tables:
mysql -h localhost -u user -p snort < create_mysql
6) Locate snortdb-extra.zip, which creates the additional tables (it contains a lot of port information and ships with snort-2.0.0), and load it:
mysql -h localhost -u user -p snort < snortdb-extra
7) Edit the snort.conf configuration:
output database: alert, mysql, user=user password=password dbname=snort host=127.0.0.1
output database: log, mysql, user=user password=password dbname=snort host=127.0.0.1
8) Start Snort:
/opt/snort/bin/snort -c /etc/snort/snort.conf
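The credentials in step 4) and the two output database lines in step 7) must agree, or Snort will start but silently fail to log. The script below is an added example, not part of this walkthrough or of Snort itself: it parses the "output database:" directives out of a snort.conf, checks that both lines carry the same credentials, and generates the CREATE DATABASE / GRANT statements from them so the MySQL side is derived from the config rather than typed twice. The sample config text is constructed here; the GRANT ... IDENTIFIED BY form matches the syntax used in step 4).

```python
"""Parse Snort 'output database:' directives and derive the matching MySQL
setup statements. Added example; not Snort's own code."""
import re

# Constructed sample of a snort.conf fragment containing the two output
# lines from step 7), a comment and an unrelated output plugin.
SAMPLE_CONF = """\
# output plugins
output alert_fast: alert.ids
output database: alert, mysql, user=user password=password dbname=snort host=127.0.0.1
output database: log, mysql, user=user password=password dbname=snort host=127.0.0.1
"""

REQUIRED = ("user", "dbname", "host")
# Step 4) grants CREATE,INSERT,DELETE,UPDATE,SELECT. A running sensor only
# INSERTs and SELECTs; CREATE is needed only while loading create_mysql and
# DELETE/UPDATE only by maintenance tools, so the default here is narrower.
RUNTIME_PRIVS = ("INSERT", "SELECT")
SETUP_PRIVS = ("CREATE", "INSERT", "DELETE", "UPDATE", "SELECT")

_DIRECTIVE = re.compile(r"output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,\s*(.*)$")
_IDENT = re.compile(r"\w+")


def parse_output_database(conf_text):
    """Return one dict per 'output database:' line: facility (alert|log),
    dbtype, and every key=value parameter. Comments are stripped first."""
    entries = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        facility, dbtype, params = m.groups()
        entry = {"facility": facility, "dbtype": dbtype}
        for tok in params.split():
            if "=" not in tok:
                raise ValueError(f"bad parameter {tok!r} in: {line}")
            key, value = tok.split("=", 1)
            entry[key] = value
        missing = [k for k in REQUIRED if k not in entry]
        if missing:
            raise ValueError(f"missing {missing} in: {line}")
        entries.append(entry)
    return entries


def consistent_credentials(entries):
    """True when every directive uses the same user/password/dbname/host,
    so a single GRANT covers both the alert and the log facility."""
    keys = ("user", "password", "dbname", "host")
    views = {tuple(e.get(k, "") for k in keys) for e in entries}
    return len(views) == 1


def setup_sql(entry, privileges=RUNTIME_PRIVS):
    """Statements equivalent to steps 2) and 4), derived from one parsed
    directive. Identifier values are restricted to \\w+ before quoting."""
    user, db, host = entry["user"], entry["dbname"], entry["host"]
    for name in (user, db):
        if not _IDENT.fullmatch(name):
            raise ValueError(f"refusing to quote identifier {name!r}")
    # Snort connects over loopback; MySQL matches that as the 'localhost' host part.
    grant_host = "localhost" if host in ("127.0.0.1", "localhost") else host
    pw = entry.get("password", "").replace("'", "''")
    return [
        f"CREATE DATABASE IF NOT EXISTS `{db}`;",
        f"GRANT {','.join(privileges)} ON `{db}`.* TO '{user}'@'{grant_host}' "
        f"IDENTIFIED BY '{pw}';",
    ]


if __name__ == "__main__":
    parsed = parse_output_database(SAMPLE_CONF)
    if not consistent_credentials(parsed):
        raise SystemExit("alert and log directives use different credentials")
    for stmt in setup_sql(parsed[0], SETUP_PRIVS):
        print(stmt)
```

Run it against a real file by replacing SAMPLE_CONF with the contents of /etc/snort/snort.conf. Because the password sits in cleartext in that file (and in the GRANT above), keep snort.conf readable only by the account that starts Snort, and once create_mysql and snortdb-extra have been loaded, re-issue the GRANT with the narrower RUNTIME_PRIVS set.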