but when I tried to launch SNORT using this command:
sudo /etc/init.d/snort start
I would get a fail result.
I looked in the syslog:
sudo tail /var/log/syslog
and discovered SNORT was throwing errors related to the database connection. There is a file named database.conf in /etc/snort/ that should have been modified to include the database connection information. The original instructions in the link above instructed me to modify /etc/snort/snort.conf to include the database connection information. This is wrong: the database information should go in /etc/snort/database.conf.
I edited /etc/snort/database.conf to look like this:
output database: log, mysql, user=<user> password=<password> dbname=<dbname> host=<host>
(replace <user>, <password>, <dbname>, and <host> with your settings)
Once I saved the file, I tried starting SNORT again:
sudo /etc/init.d/snort start
And I got a status of OK!
Now I can let SNORT sniff my network traffic and I can use ACID to view the results.
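As an added example (not part of the original post), the following POSIX shell script checks a database.conf before starting Snort, so a missing parameter shows up in the shell instead of as a failed init script and a syslog hunt. It assumes only the "output database:" line format shown above; the function names, the sample files it writes and the EXAMPLE password are constructed for the demo. Because the file holds the database password in clear text, a second function also warns when the file is readable by anyone other than its owner.

```shell
#!/bin/sh
# Added example, not from the original post. Sanity-checks a Snort
# database.conf before running "/etc/init.d/snort start".

# check_snort_db_conf FILE
# Returns 0 if FILE has an "output database:" line carrying user=,
# password=, dbname= and host=; otherwise prints what is missing and
# returns 1.
check_snort_db_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    line=$(grep -E '^[[:space:]]*output[[:space:]]+database:' "$conf" | head -n 1)
    if [ -z "$line" ]; then
        echo "$conf: no 'output database:' line"
        return 1
    fi
    missing=""
    for key in user password dbname host; do
        case "$line" in
            *"$key="*) ;;
            *) missing="$missing $key" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "$conf: missing parameter(s):$missing"
        return 1
    fi
    return 0
}

# check_db_conf_perms FILE
# Returns 0 if FILE is not readable by group or others (mode x00).
# The file carries the database password in clear text, so anything
# wider than owner-only access is worth flagging.
check_db_conf_perms() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in
        *00) return 0 ;;
        *) echo "$1: mode $mode is readable by group/others; consider chmod 600"; return 1 ;;
    esac
}

# Constructed samples: a complete database.conf and one missing host=.
tmp=$(mktemp -d)
printf 'output database: log, mysql, user=snort password=EXAMPLE dbname=snort host=localhost\n' > "$tmp/good.conf"
printf 'output database: log, mysql, user=snort password=EXAMPLE dbname=snort\n' > "$tmp/bad.conf"
chmod 600 "$tmp/good.conf"

check_snort_db_conf "$tmp/good.conf" && echo "good.conf: parameters OK"
check_snort_db_conf "$tmp/bad.conf" || echo "bad.conf: fix before starting snort"
check_db_conf_perms "$tmp/good.conf" && echo "good.conf: permissions OK"
```

Run it as-is to see the demo, or call check_snort_db_conf /etc/snort/database.conf and check_db_conf_perms /etc/snort/database.conf against the real file before the next "sudo /etc/init.d/snort start".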