Snort installation on Windows: missing database config line in snort.conf

0

I installed Snort on Windows 7 and added all the rules, and everything works fine for me.

The thing that I want to add is saving alerts in a MySQL database. In my case, some tutorials that I found online, such as this one, say that we can change "snort.conf" by modifying the database line:

    # syslog
    # output alert_syslog: LOG_AUTH LOG_ALERT

    # pcap
    # output log_tcpdump: tcpdump.log

    # database
    # output database: alert, <db_type>, user=<username> password=<password> test dbname=<name> host=<hostname>
    # output database: log, <db_type>, user=<username> password=<password> test dbname=<name> host=<hostname>

The problem is that I don't actually have this database configuration line in snort.conf.

So should I add it manually and create the MySQL database?

interface

Posted 2016-09-20T16:23:46.267

Reputation: 1

Answers

0

I have never used Snort on Windows, but I found this link: https://www.sans.org/security-resources/idfaq/running-snort-under-windows/6/4

They do not seem to install any database, so I would suggest doing as they do. Install it and play around with it. After getting used to it, you will know better what to do.

RandomSecGuy

Posted 2016-09-20T16:23:46.267

Reputation: