Snort mailing list archives
Re: Installation of Snort Sensor
From: edmund.li () alcatel com hk
Date: Sun, 2 Nov 2003 20:07:24 +0800
Dear all,

Additional work has been added to the sensor.

1) install mysql 4.0.16 without-server option
2) ++ rpm -ivh MySQL-client-4.0.16-0.i386.rpm MySQL-devel-4.0.16-0.i386.rpm MySQL-shared-4.0.16-0.i386.rpm
3) install tcpdump.3.7.2
4) install libcap-0.7.2
5) install snort-2.0.2
6) snortcenter-agent-v1.0-RC1
7) Add one more network card (eth1) for snort sniffing.
8) Reconfigure the snortcenter in order to communicate with the sensor

Any suggestions why I do not see any info packets from the sensor to the snort server?

I have one question: is this normal when I check the snort.eth1.conf from the sensor in /opt/snortcenter/sensor/rules/?

    [root@sensor1 rules]# more snort.eth1.conf
    #-------------------------------------------------------------------------------
    # Snort Configuration file for < sensor1 >
    # Created with SnortCenter v1.0 RC1 < http://users.pandora.be/larc/ >
    # $Id: snort.conf, Sunday 02nd of November 2003 06:58:56 PM
    #-------------------------------------------------------------------------------
    #
    #
    #
    #
    #
    #
    #-------------------------------------------------------------------------------
    # $Id: classification.config, Sunday 02nd of November 2003 06:58:56 PM
    #-------------------------------------------------------------------------------
    #

PS: (I do not use SSL yet; all the SSL is disabled in my snort server for the time being.)

Edmund

Edmund LI/CN/ALCATEL@ALCATEL
Sent by: snort-users-admin () lists sourceforge net
10/30/2003 04:20 PM
To: snort-users () lists sourceforge net
cc:
Subject: [Snort-users] Installation of Snort Sensor

Dear all,

I have installed the snort server 2.0.2 on Redhat 9.0 with mysql, acid, snortcenter etc. It seems to be OK (alerts can be detected by scanning the machine). Nowadays, I am starting the sensor with another machine, Redhat 7.3; however, I do not see any good topic about this. Any suggestions for creating a sensor properly?

PS: (I installed the snortcenter agent on Redhat 7.3) and it seems the sensor can be controlled/watched by snort server 2.0.2 (with snortcenter), e.g. I can see the status of the sensor; however, I cannot see any alert detection from acid on the snort server when I do the same scanning activities against the sensor.

What I did for the sensor:

1) install mysql 4.0.16 without-server option (I do not create any database at all). Do I miss something, or do I need to have a full installation with the mysql server option?
2) install tcpdump.3.7.2
3) install libcap-0.7.2
4) install snort-2.0.2
5) snortcenter-agent-v1.0-RC1

Based on the Snort Enterprise implementation guide, it seems the sensor will send sql info to the snort server for analysing.

Edmund
