Aristotle Posted February 16, 2004
I unsuccessfully attempted to install Snort yesterday. I removed MySQL and PHP from my Linux box as instructed by the install instructions, yet I don't know where to get the latest versions of PHP and SQL for Fedora. The different versions of Snort also confused me. There are three versions: Snort, Snort-MySQL, and Snort-PHP. I am guessing these are used for database management of the different IDs it recognizes. Any help on what I am supposed to do to get these things successfully installed would be a great help -_- Now if only tcpdump would install.....
Propane Posted February 16, 2004
Um... www.php.net for the latest PHP package and www.mysql.com for the latest MySQL package... What do you want to do with Snort, as that is the one you will want to get?
KraZy Posted May 25, 2004 (edited)
Won't the RH RPMs work for FC without problems? (I haven't played with FC yet...) Once I was able to track down the proper RPM for my distro, all was well. Either way, if you don't, you are looking at dependency hell for Snort, btw.
Edited May 25, 2004 by KraZy
d3bruts1d Posted May 25, 2004
KraZy wrote: "Won't the RH RPMs work for FC without problems?"
Most of them do.
KraZy Posted June 24, 2004
Just to add to an outdated discussion.... I have been playing around a lot with Snort lately, and have slowly started to discover the differences. Yes, Snort and snort-mysql are basically the same thing, just that one is compiled with MySQL support (which in my case, I have to sort through about 14k alerts (yes.. about 14,000 valid alerts) daily, in which case the MySQL dump has been helping a lot). My sniffer runs 4 NICs now, and will be bumped up to 6 once I get the resources, and sorting the alerts by ID is also needed.

When I get back home, I will be assembling a similar system on my LAN. With Apache set up and running, I will be able to monitor any intrusions from any computer via HTTP (which would not be possible without snort-mysql and PHP with GD support).

So... that is the answer to the original question with some real-life application, in case anyone cares....
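The "sort the alerts by ID" step KraZy describes is, on a snort-mysql box, a GROUP BY over the tables the database output plugin writes (the build difference is that snort-mysql is configured with MySQL support and logs via an `output database:` line in snort.conf). The script below is an added example, not the poster's setup or any ACID code: it creates a reduced, assumed subset of Snort's database schema (sensor, signature, event, iphdr, with the column names Snort uses), loads a handful of constructed alerts, and runs the two reports an analyst wants first, alerts per signature and noisiest sources. SQLite stands in for MySQL so it runs offline; the SQL itself is plain enough to run unchanged against the real schema.

```python
"""Sort a Snort database alert dump by signature, the way ACID's reports do.

Added example (not the forum poster's configuration). The tables are a
reduced copy of the Snort database output plugin's schema, and every alert
below is made up for illustration. SQLite stands in for MySQL.
"""
import ipaddress
import sqlite3

# Assumed subset of the Snort DB schema. event.signature references
# signature.sig_id; event and iphdr share the (sid, cid) sensor/counter key.
SCHEMA = """
CREATE TABLE sensor    (sid INTEGER PRIMARY KEY, hostname TEXT, interface TEXT);
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT,
                        sig_priority INTEGER, sig_sid INTEGER);
CREATE TABLE event     (sid INTEGER, cid INTEGER, signature INTEGER,
                        timestamp TEXT, PRIMARY KEY (sid, cid));
CREATE TABLE iphdr     (sid INTEGER, cid INTEGER, ip_src INTEGER,
                        ip_dst INTEGER, ip_proto INTEGER,
                        PRIMARY KEY (sid, cid));
"""

# Constructed sample data: three rules, eight alerts from two sensors.
SAMPLE_SIGNATURES = [  # (sig_id, sig_name, sig_priority, sig_sid)
    (1, "ICMP PING NMAP", 3, 469),
    (2, "WEB-IIS cmd.exe access", 1, 1002),
    (3, "SCAN SSH Version map attempt", 2, 1638),
]
SAMPLE_ALERTS = [  # (sid, cid, sig_id, timestamp, src, dst)
    (1, 1, 1, "2004-06-24 09:00:01", "10.0.0.5", "192.168.1.10"),
    (1, 2, 1, "2004-06-24 09:00:02", "10.0.0.5", "192.168.1.11"),
    (1, 3, 1, "2004-06-24 09:00:03", "10.0.0.6", "192.168.1.10"),
    (1, 4, 2, "2004-06-24 09:05:00", "172.16.4.2", "192.168.1.80"),
    (1, 5, 2, "2004-06-24 09:05:01", "172.16.4.2", "192.168.1.80"),
    (2, 1, 1, "2004-06-24 09:06:00", "10.0.0.7", "192.168.2.1"),
    (2, 2, 3, "2004-06-24 09:07:00", "10.0.0.5", "192.168.2.22"),
    (2, 3, 2, "2004-06-24 09:08:00", "172.16.4.2", "192.168.2.80"),
]


def ip_to_int(ip):
    """Snort stores IPv4 addresses as unsigned 32-bit integers."""
    return int(ipaddress.IPv4Address(ip))


def int_to_ip(n):
    """Inverse of ip_to_int, for display."""
    return str(ipaddress.IPv4Address(n))


def build_sample_db():
    """Create the reduced schema in memory and load the constructed alerts."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO sensor VALUES (?, ?, ?)",
                     [(1, "sniffer", "eth0"), (2, "sniffer", "eth1")])
    conn.executemany("INSERT INTO signature VALUES (?, ?, ?, ?)", SAMPLE_SIGNATURES)
    for sid, cid, sig, ts, src, dst in SAMPLE_ALERTS:
        conn.execute("INSERT INTO event VALUES (?, ?, ?, ?)", (sid, cid, sig, ts))
        # ip_proto fixed at 1 here; the real plugin fills it from the packet.
        conn.execute("INSERT INTO iphdr VALUES (?, ?, ?, ?, ?)",
                     (sid, cid, ip_to_int(src), ip_to_int(dst), 1))
    conn.commit()
    return conn


BY_SIGNATURE = """
SELECT s.sig_sid, s.sig_name, s.sig_priority,
       COUNT(*)                 AS hits,
       COUNT(DISTINCT i.ip_src) AS sources
FROM event e
JOIN signature s ON s.sig_id = e.signature
JOIN iphdr     i ON i.sid = e.sid AND i.cid = e.cid
GROUP BY s.sig_id
ORDER BY hits DESC, s.sig_priority ASC
"""


def alerts_by_signature(conn):
    """One row per rule: Snort SID, name, priority, hit count, distinct sources."""
    cols = ("sig_sid", "name", "priority", "hits", "sources")
    return [dict(zip(cols, row)) for row in conn.execute(BY_SIGNATURE)]


def top_sources(conn, limit=5):
    """Noisiest source addresses across all sensors, as dotted quads."""
    rows = conn.execute(
        "SELECT ip_src, COUNT(*) AS n FROM iphdr "
        "GROUP BY ip_src ORDER BY n DESC, ip_src ASC LIMIT ?", (limit,))
    return [(int_to_ip(src), n) for src, n in rows]


if __name__ == "__main__":
    db = build_sample_db()
    for r in alerts_by_signature(db):
        print(f"{r['hits']:5d} hits {r['sources']:2d} src  "
              f"SID {r['sig_sid']:<6} pri {r['priority']}  {r['name']}")
    for ip, n in top_sources(db):
        print(f"{n:5d}  {ip}")
```

Joining through iphdr rather than counting event alone is deliberate: the distinct-source column is what separates one scanner tripping a rule 14,000 times from 14,000 hosts tripping it once, and that is the first thing to check before tuning the rule away.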
shervin2 Posted June 25, 2004
OK, I've had some experience with Linux-based distros and with AirSnort on my dad's laptop. Orinoco has the best wireless cards to pick up signals. But I'm sure you're not using Snort to get access to anything illegal, right?
Bosco Posted June 25, 2004
Guys guys guys.. don't sort through thousands of alerts.. there is a much easier way. Download ACID: http://acidlab.sourceforge.net/ You can easily see reports of alerts via a web interface.
shervin2 Posted June 25, 2004
Nice link! But too bad I don't have my laptop anymore...
KraZy Posted June 25, 2004
Bosco wrote: "Guys guys guys.. don't sort through thousands of alerts.. there is a much easier way. Download ACID: http://acidlab.sourceforge.net/ You can easily see reports of alerts via a web interface."
That is exactly what I use, actually... (PHP with GD might have been a giveaway.) Even so, I am still pushing ACID to its limits, even with heavy rule tweaking and FlexResp. It simply is starting to crack under the load.
Bosco Posted June 25, 2004
We used to push hundreds of thousands of alerts through it daily and never had a problem with it "cracking" under the pressure. Maybe you should tweak Apache and MySQL? MySQL 4.0 and query caching helps a lot.
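For the query-cache tuning Bosco mentions, this is the my.cnf fragment that turns it on in MySQL 4.0; it is an added illustration, not his configuration, and the sizes are assumptions to be scaled to the box. One caveat worth knowing before expecting miracles: MySQL invalidates every cached result that touches a table whenever that table is written, and a busy sensor inserts into event and iphdr continuously, so the cache pays off mostly for ACID's lookups against rarely written tables (signature, sensor, the class and reference tables) and for repeated identical reports between insert bursts.

```ini
# my.cnf fragment for MySQL 4.0 query caching (added example, assumed sizes)
[mysqld]
query_cache_type  = 1      # 0 = off, 1 = cache every cacheable SELECT
query_cache_size  = 32M    # memory for cached results; 0 disables the cache
query_cache_limit = 1M     # result sets larger than this are not cached
```

After a day of ACID use, `SHOW STATUS LIKE 'Qcache%'` shows whether it is earning its keep: a Qcache_hits count that stays small next to Qcache_inserts means the constant inserts are flushing results faster than the console re-reads them, and the memory is better spent on key buffers and the indexes ACID's joins on (sid, cid) and signature rely on.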