This post shows how to prepare MySQL to work with Snort, assuming MySQL is already installed.
root@snortbox:/store/snort/src/snort-2.9.1# mysql -u root -p
Enter password:
mysql> show databases;
+---------------------------------+
| Database |
+---------------------------------+
| information_schema |
| mysql |
+---------------------------------+
2 rows in set (0.01 sec)
Now let us create the MySQL database and tables in order to receive the Snort logs:
mysql> create database snort;
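Query OK, 1 row affected (0.01 sec)
Since it is dangerous to access the database as the root user, we create a user that has permissions only on the snort database. The password 'snortpassword' below is a sample value; replace it with a strong, unique one. GRANT ALL is also broader than Snort's logging normally needs, so consider granting only the privileges it uses (for example CREATE, INSERT, SELECT, DELETE, UPDATE).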
mysql> grant all on snort.* to snortuser@localhost identified by 'snortpassword';
Query OK, 0 rows affected (0.01 sec)
Now reload the MySQL privileges.
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql> exit;
Bye
Now we will import the MySQL schema that Snort expects.
root@snortbox:/store/snort/src/snort-2.9.1/schemas# ls
create_db2 create_mysql create_postgresql Makefile.am
create_mssql create_oracle.sql Makefile Makefile.in
root@snortbox:/store/snort/src/snort-2.9.1/schemas# mkdir /usr/share/doc/snort-mysql/
root@snortbox:/store/snort/src/snort-2.9.1/schemas# cp create_mysql /usr/share/doc/snort-mysql/
Manual installation (run from the Snort source directory, one level above schemas/):
#mysql -u root -p snort < schemas/create_mysql
root@snortbox:/store/snort/src/snort-2.9.1# mysql -u root -p
Enter password:
mysql> show databases;
+---------------------------------+
| Database |
+---------------------------------+
| information_schema |
| mysql |
+---------------------------------+
2 rows in set (0.01 sec)
Now let us create the MySQL database and tables in order to receive the Snort logs:
mysql> create database snort;
Query OK, 1 row affected (0.01 sec)
Since it is dangerous to access the database as the root user, we create a user that has permissions only on the snort database:
mysql> grant all on snort.* to snortuser@localhost identified by 'snortpassword';
Query OK, 0 rows affected (0.01 sec)
Now reload the MySQL privileges.
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql> exit;
Bye
Now we will import the MySQL schema that Snort expects.
root@snortbox:/store/snort/src/snort-2.9.1/schemas# ls
create_db2 create_mysql create_postgresql Makefile.am
create_mssql create_oracle.sql Makefile Makefile.in
root@snortbox:/store/snort/src/snort-2.9.1/schemas# mkdir /usr/share/doc/snort-mysql/
root@snortbox:/store/snort/src/snort-2.9.1/schemas# cp create_mysql /usr/share/doc/snort-mysql/
Manual installation (run from the Snort source directory, one level above schemas/):
#mysql -u root -p snort < schemas/create_mysql