I've asked this question. No, Snort will not be included. I have no idea why. It seems like more of a network security item than a DNS proxy or HTTP proxy. I've resorted to building one for myself. It would be nice if the Snort Sensor could be installed and have the database elsewhere. v4 will have a Hardening interface so that an external IDS can interface with the firewall to "harden" it in response to an attack. Or so I've been led to believe.
I have an ASL 3.8 BETA for test use only and I have an ASL 3.2 in production. And now I want to use Snort/MySQL on my 3.8 BETA so as to test if it works fine :)
Same here. 3.214 in "production" and 3.380 in beta. I too would like to try Snort on 3.380. I could have it log to my Oracle DB server instead of MySQL. By MySQL support is already compiled with Snort 1.9.0.
zaga, I've got Oracle 8.1.6.3 but will most likely use MySQL running on a machine other than my ASL box. I'll just need the binaries then, right? What you send will be the pre-compiled versions? I'll just need to WinSCP the files to my ASL box and edit the snort.conf file, right? Have you built it to run in its own chroot? This is great zaga, thanks.
[ 04 January 2003, 16:05: Message edited by: Jim M. ]
Yes, you'll just need the binaries. It runs in /var/chroot-report. Also, you'll need to copy the MySQL client libs, but I'll also include them in the package. I'm currently doing that and doing a doc that explains how to do this...
Hi all, I'll post the docs later today to compile snort/mysql on ASL 3.214, which is the version I'm currently working on. I don't know if this works on the beta but it should... zoodoo, I'll send you and anyone who wants it the precompiled snort(1.9.0)/mysql(3.53) for ASL... Jim, what version of Oracle do you have?
Does it matter what version of MySQL I install on my database server? I've got a copy of 3.23.49, 3.23.53, and 3.23.54 (No 3.53?) Is 3.53 the MySQL client version?
[ 05 January 2003, 07:46: Message edited by: Jim M. ]
Note: remember that if you want to install programs you should add --prefix=/pluspack, and sometimes the configure script might not detect your host type, so you must add --host i686-pc-linux-gnu or something like this.
Copy it to the ASL machine and untar it, for example in /root.
Now we must get the client libs and header files from a machine with MySQL already installed. You must get all the files in /usr/lib/mysql, or something like this depending on where you installed MySQL, and copy them to your ASL box to the same location.
Then copy the include files from /usr/include/mysql to the same location on your ASL box.
Now let's compile Snort: go to /root/wherever you extracted snort and do ./configure --with-mysql, then make, then make install, and that's it. Now all you have to do is install the Snort rules, edit snort.conf, launch Snort, and install the rc.d init script included in the snort package in the dir contrib.
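Added example, not part of the thread and not the poster's own script: a pre-flight check that the copied MySQL client library and header are in place before running the build steps above, plus the configure line with the --prefix and --host options from the note. The function names are hypothetical, and the file names libmysqlclient.* and mysql.h are assumed to be what the MySQL client install provides.

```shell
#!/bin/sh
# Added example: pre-flight check for the Snort/MySQL build described above.
# ROOT (arg 1) lets the check run against a staging copy; the lib and include
# directories default to the ones named in the post and can be overridden.

# Print every missing prerequisite; return 0 only if all are present.
check_mysql_build_deps() {
    root="${1:-}"
    libdir="${2:-/usr/lib/mysql}"
    incdir="${3:-/usr/include/mysql}"
    missing=0

    # Client library: libmysqlclient.a or libmysqlclient.so* (assumed names).
    found_lib=0
    for f in "$root$libdir"/libmysqlclient.*; do
        if [ -e "$f" ]; then found_lib=1; break; fi
    done
    if [ "$found_lib" -eq 0 ]; then
        echo "missing: $libdir/libmysqlclient.* (MySQL client library)"
        missing=1
    fi

    # Main client header needed to compile Snort's MySQL output support.
    if [ ! -f "$root$incdir/mysql.h" ]; then
        echo "missing: $incdir/mysql.h (MySQL client header)"
        missing=1
    fi
    return "$missing"
}

# Print the configure command: --with-mysql always, --prefix=/pluspack as in
# the note, and --host only when a host triplet is supplied.
snort_configure_cmd() {
    host="${1:-}"
    cmd="./configure --prefix=/pluspack --with-mysql"
    if [ -n "$host" ]; then cmd="$cmd --host $host"; fi
    echo "$cmd"
}

# Run the build only when the prerequisites are in place.
# Usage: build_snort /root/<extracted snort dir> [i686-pc-linux-gnu]
build_snort() {
    srcdir="$1"; host="${2:-}"
    check_mysql_build_deps "" || return 1
    ( cd "$srcdir" && $(snort_configure_cmd "$host") && make && make install )
}
```
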