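First, check the log to see whether snort has started properly;
then check whether base is configured correctly.
Here is an example of configuring snort and base on Debian:
Install snort: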
# apt-get install snort
# vi /usr/share/doc/snort-mysql/README-database.Debian
# mysql --user=root mysql
> CREATE DATABASE snort_db;
> GRANT all privileges on snort_db.* to snort@localhost;
> GRANT all privileges on snort_db.* to snort;
> USE mysql;
> UPDATE user SET Password=PASSWORD('××××') WHERE user='snort';
> flush privileges;
> exit
# cd /usr/share/doc/snort-mysql
# zcat create_mysql.gz | mysql -u snort -p snort_db
# cd /etc/snort/; mv db-pending-config db-pending-config.bak
# vi /etc/snort/snort.conf    (add the following line)
output database: log, mysql, user=snort password=×××× dbname=snort_db host=localhost
# /etc/init.d/snort start
Install base:
# tar xzvf /home/amions/base-1.3.6.tar.gz
# mv /home/amions/base-1.3.6 /var/www
# chown root.root /var/www/base-1.3.6 -Rf
# cd /var/www/base-1.3.6/sql
# cat create_base_tbls_mysql.sql | mysql -u snort -p snort_db
# mv /var/www/base-1.3.6 /var/www/base
Visit http://ip/base to set up base
step1:
adodb location: /usr/share/php/adodb/
step2:
Database Name: snort_db
Database Host: localhost
Database User Name: snort
passwd: ××××
Archive Database Name: snort_db
Archive Database Host: localhost
Archive Database User Name: snort
passwd: ××××
step3:
user:admin
passwd:××××
FullName:amions
step4: generate the Alert AG
step5: generate base_conf.php
and copy it into the /var/www/base directory
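
Added example, not part of the original post: a shell check for the "is base set correctly" point, comparing the database named in snort.conf's output database line with $alert_dbname and $alert_user in the base_conf.php produced in step5. The function names, the sample files and the CHANGEME password are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check Snort's DB output against BASE's alert DB settings.

# Value of KEY in the active (uncommented) "output database:" line of snort.conf.
snort_db_field() {  # $1 = snort.conf path, $2 = key (user, password, dbname, host)
    sed -n "s/^[[:space:]]*output[[:space:]][[:space:]]*database:[^#]*[[:space:],]$2=\([^[:space:]#]*\).*/\1/p" "$1" | head -n 1
}

# Value assigned to a PHP variable in base_conf.php (single- or double-quoted string).
base_conf_field() {  # $1 = base_conf.php path, $2 = variable name without the dollar sign
    sed -n "s/^[[:space:]]*\\\$$2[[:space:]]*=[[:space:]]*[\"']\([^\"']*\)[\"'].*/\1/p" "$1" | head -n 1
}

# Prints one line per finding; returns 0 only when nothing is wrong.
check_snort_base() {  # $1 = snort.conf, $2 = base_conf.php
    rc=0
    for pair in dbname:alert_dbname user:alert_user; do
        s=$(snort_db_field "$1" "${pair%%:*}")
        b=$(base_conf_field "$2" "${pair##*:}")
        if [ -z "$s" ] || [ -z "$b" ]; then
            echo "MISSING ${pair%%:*}: snort.conf='$s' base_conf.php='$b'"; rc=1
        elif [ "$s" != "$b" ]; then
            echo "MISMATCH ${pair%%:*}: snort.conf='$s' base_conf.php='$b'"; rc=1
        fi
    done
    # The post sets a password for the snort DB user, so the directive needs one too.
    [ -n "$(snort_db_field "$1" password)" ] || { echo "MISSING password in output database line"; rc=1; }
    return $rc
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/snort.conf" <<'EOF'
# output database: log, mysql, user=old dbname=old_db
output database: log, mysql, user=snort password=CHANGEME dbname=snort_db host=localhost
EOF
cat > "$demo_dir/base_conf.php" <<'EOF'
<?php
$alert_dbname   = 'snort_log';
$alert_user     = 'snort';
EOF
check_snort_base "$demo_dir/snort.conf" "$demo_dir/base_conf.php" || echo "fix the settings above"
```

On a real host the two arguments would be /etc/snort/snort.conf and /var/www/base/base_conf.php; a mismatch on dbname is the usual reason BASE shows no alerts while snort is logging.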