Snort mailing list archives
RE: Snort Red hat 7.2, ACID, MySQL.
From: Christopher Lyon <cslyon () netsvcs com>
Date: Sun, 4 Aug 2002 22:09:40 -0700
Your best bet is not to use RPMs. I have got Snort with the ACID/MySQL combo working on both 7.2 and 7.3. Here are my install notes:

Install 7.2 or 7.3 with postgresql and postgresql-libs. Once that is completed you will need to install apache and PHP using the following commands:

1. Apache 1.3.26
   a. tar -zxvf apache_1.3.26.tar.gz into the /usr/local directory
   b. ./configure --prefix=/usr/local/apache --enable-module=so
      i. make
      ii. make install

2. PHP 4.2.2
   a. tar -zxvf php-4.2.2.tar.gz into the /usr/local directory
   b. ./configure --with-mysql= --with-gd --with-apxs=/usr/local/apache/bin/apxs
      i. make
      ii. make install

Once that is all done you can move the ACID, PHPlot, GD and ADODB in the HTDOCS directory. Don't forget to modify the httpd.conf file with the following items.

   # LoadModule foo_module modules/mod_foo.so
   LoadModule php4_module modules/libphp4.so
   AddType application/x-httpd-php .php

Once that happens you should be good. Snort.org also has a good document for the database and web security stuff. You might want to look at it for more information.

Let me know how it goes.

__________________________________________
Christopher Lyon
DNS Network Services
v: 949-255-5066
f: 949-253-1555
cslyon () netsvcs com

-----Original Message-----
From: Brian Ertel [mailto:bsertel () amherst edu]
Sent: Tuesday, July 30, 2002 7:43 AM
To: Snort (E-mail)
Subject: [Snort-users] Snort Red hat 7.2, ACID, MySQL.

Presently we have the system up and running. Now, it seems that ACID displays the totality of what is contained in MySQL. Is there a way to, let's say every 24 hours, dump the information snorted in that past 24 hours into MySQL and have ACID only display what is presently being snorted?

For example, if I activate Snort on Monday morning at 8:30am, can I configure Snort or ACID or MySQL to (on Tues. morning at say 8:15am) take that past 24 hours' worth of info, store it away in MySQL so that ACID only displays what is presently being Snorted, i.e. starting at 8:30 Tues morning?

Any thoughts?

----------------------------------
Brian Ertel
Systems & Networking
Network Administrator
Amherst College
Voice: 413-542-8320
Fax: 413-542-2626
bsertel () amherst edu
----------------------------------
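
Added example (not part of the original message and not Snort or ACID project code): a shell check that the two httpd.conf lines from the install notes above are active rather than commented out; without them Apache sends .php files such as ACID's to the browser as source instead of executing them. The function names and the two sample config files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the httpd.conf edits described in the install notes.
# Function names and sample files below are constructed, not from the thread.

# Succeeds if FILE ($1) has an active (uncommented) directive matching ERE ($2).
has_directive() {
    grep -Eiq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# Returns 0 when both PHP lines are active; otherwise prints what is missing
# and returns 1.
check_php_conf() {
    conf=$1
    rc=0
    if ! has_directive "$conf" \
        'LoadModule[[:space:]]+php4_module[[:space:]]+modules/libphp4\.so'; then
        echo "missing or commented out: LoadModule php4_module modules/libphp4.so"
        rc=1
    fi
    if ! has_directive "$conf" \
        'AddType[[:space:]]+application/x-httpd-php[[:space:]]+(.*[[:space:]])?\.php'; then
        echo "missing or commented out: AddType application/x-httpd-php .php"
        rc=1
    fi
    return $rc
}

# Constructed sample configs (assumed contents, for demonstration only).
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.conf" <<'EOF'
# LoadModule foo_module modules/mod_foo.so
LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php
EOF
cat > "$demo_dir/bad.conf" <<'EOF'
# LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php-source .phps
EOF

check_php_conf "$demo_dir/good.conf" && echo "good.conf: PHP enabled"
check_php_conf "$demo_dir/bad.conf"  || echo "bad.conf: PHP not enabled"
```

On a real install, pass the path of the httpd.conf under the Apache prefix used in the configure step.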
