1. Host: Pentium T4400 dual-core 2.2GHz
2. VM version: VMware Workstation 9.2
3. Linux distribution: Ubuntu 12.0
1. After the Ubuntu installation completes, refresh the package index: apt-get update;
2. sudo apt-get install libpcap0.8-dev libmysqlclient1-dev mysql-client mysql-server bison flex apache2 libapache2-mod-php5 php5-gd php5-mysql libphp-adodb php-pear pcregrep snort snort-rules-default
3. apt-get install snort-mysql;
4. sudo snort -c /etc/snort/snort.conf
$ sudo snort -c /etc/snort/snort.conf
[sudo] password for XXX:
Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/etc/snort/snort.conf"
PortVar 'HTTP_PORTS' defined : [ 80 ]
PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined : [ 1521 ]
PortVar 'FTP_PORTS' defined : [ 21 ]
Tagged Packet Limit: 256
Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... done
Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//lib_sfdynamic_preprocessor_example.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dcerpc_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Log directory = /var/log/snort
database: must enter database name in configuration file
USAGE: database plugin
output database: [log | alert], [type of database], [parameter list]
[log | alert] selects whether the plugin will use the alert or
log facility.
For the first argument, you must supply the type of database.
The possible values are mysql, postgresql, odbc, oracle and
The parameter list consists of key value pairs. The proper
format is a list of key=value pairs each separated a space.
The only parameter that is absolutely necessary is "dbname".
All other parameters are optional but may be necessary
depending on how you have configured your RDBMS.
dbname - the name of the database you are connecting to
host - the host the RDBMS is on
port - the port number the RDBMS is listening on
user - connect to the database as this user
password - the password for given user
sensor_name - specify your own name for this snort sensor. If you
do not specify a name one will be generated automatically
encoding - specify a data encoding type (hex, base64, or ascii)
detail - specify a detail level (full or fast)
ignore_bpf - specify if you want to ignore the BPF part for a sensor
definition (yes or no, no is default)
The configuration I am currently using is MySQL with the database
name of "snort". The user "snortusr@localhost" has INSERT and SELECT
privileges on the "snort" database and does not require a password.
The following line enables snort to log to this database.
output database: log, mysql, dbname=snort user=snortusr host=localhost
ERROR: Fatal Error, Quitting..
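The failure above is a snort.conf problem rather than an installation problem: the database output plugin refuses to start unless every `output database:` directive carries a `dbname` key. As an added example (not from the original post), a small shell check that catches this before snort is started; the temp-dir paths and the sample configs are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original post. Snort's database output
# plugin aborts startup ("must enter database name in configuration file")
# when an 'output database:' directive lacks the dbname key. This function
# checks a snort.conf for that mistake before snort is started.
# Exit status: 0 = ok, 1 = directive without dbname, 2 = no directive, 3 = unreadable.
check_snort_db_output() {
    conf="$1"
    [ -r "$conf" ] || { echo "$conf: cannot read file"; return 3; }
    directive='^[[:space:]]*output[[:space:]]+database:'
    # Count active (uncommented) 'output database:' lines; '|| true' because
    # grep -c exits 1 when the count is zero but still prints "0".
    total=$(grep -cE "$directive" "$conf" || true)
    if [ "$total" -eq 0 ]; then
        echo "$conf: no 'output database:' directive; logs would not reach a database"
        return 2
    fi
    # Count directives whose key=value list has no dbname=<value>.
    missing=$(grep -E "$directive" "$conf" \
        | grep -vcE '(^|[[:space:],])dbname=[^[:space:]]+' || true)
    if [ "$missing" -gt 0 ]; then
        echo "$conf: $missing directive(s) lack dbname=; snort would quit at startup"
        return 1
    fi
    echo "$conf: $total 'output database:' directive(s) carry a dbname"
    return 0
}

# Constructed sample configs written to a hypothetical temp directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/broken.conf" <<'EOF'
# dbname omitted: this reproduces the fatal error shown above
output database: log, mysql, user=snortusr host=localhost
EOF
cat > "$demo_dir/fixed.conf" <<'EOF'
# the line suggested by the plugin's own usage text
output database: log, mysql, dbname=snort user=snortusr host=localhost
EOF

check_snort_db_output "$demo_dir/broken.conf" || echo "exit status $?"
check_snort_db_output "$demo_dir/fixed.conf"
```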