Edit /etc/snort/snort.conf and enable the following two items (alternatively, edit the /etc/snort.conf that comes with the snortrules configuration and change var RULE_PATH and var PREPROC_RULE_PATH there):

output database: log, mysql, user=root password=123456 dbname=snort host=127.0.0.1
include $RULE_PATH/local.rules
include threshold.conf

include $RULE_PATH/local.rules lets you control flexibly which categories of intrusion detection rules are loaded. threshold.conf is in fact a list of exception rules: by editing this file you can get rid of false positives and of the flood of alerts produced by network activity you are not interested in. As long as Snort keeps feeding its intrusion detection records into the database, you can look up both current and long-term intrusion records by IP address.

Start Snort monitoring and write its output to the MySQL database
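As an added illustration of what threshold.conf entries look like (these lines are not from the original notes), the fragment below shows the two mechanisms Snort 2.x offers: suppress drops matching events outright, and event_filter (the keyword used since 2.8.5; older releases spelled it threshold) rate-limits them. The gen_id/sig_id values and the 192.168.1.10 address are constructed placeholders to be replaced with whatever is noisy on your own network.

```text
# threshold.conf fragment, added example (not from the original notes).
# gen_id/sig_id numbers and the 192.168.1.10 address are constructed placeholders.

# Silence one rule completely for a single trusted source, e.g. a
# monitoring host whose scans keep tripping a local rule.
suppress gen_id 1, sig_id 1000001, track by_src, ip 192.168.1.10

# Keep logging the same rule for everyone else, but at most one alert
# per source address per minute.
event_filter gen_id 1, sig_id 1000001, type limit, track by_src, count 1, seconds 60

# Only alert once a source has triggered the rule 5 or more times in 60 s;
# a single hit is treated as noise, a burst is worth seeing.
event_filter gen_id 1, sig_id 1000002, type threshold, track by_src, count 5, seconds 60
```

Check the result with snort -T -c /etc/snort/snort.conf before restarting the daemon; a syntax error in threshold.conf stops Snort from starting rather than being silently ignored.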
Use the following command to specify the interface to monitor, the configuration file and the options:
# PCAP_FRAMES=max snort -i eth0 -c /etc/snort.conf -d -e

snortd is in effect the same as: snort -A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort

Directly: snort -b -d -c /etc/snort/snort.conf -l /var/log/snort -D (works well, data shows up)

What to change: judge it case by case; sometimes the paths are already correct and nothing needs changing.
output database: log, mysql, user=snort password=123456 dbname=snort host=localhost
Uncomment the redalert example (just remove the leading # signs):
# This example will create a rule type that will log to syslog and a mysql
# database:
ruletype redalert
{
type alert
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snort dbname=snort host=localhost
}
Set the environment variable:
[root@localhost snort]# export PCAP_FRAMES=max
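The notes above say that once Snort streams alerts into MySQL you can look up intrusion records by IP. The following added example (not part of the original notes) shows what that lookup looks like against Snort's database layout. It stands in for the MySQL server with an in-memory SQLite database holding the event, signature and iphdr tables (a subset of the columns from Snort's create_mysql schema, which stores addresses as unsigned 32-bit integers) and a handful of constructed alert rows, so it runs offline; against the real server you would swap sqlite3 for a MySQL driver and keep the queries.

```python
"""Look up Snort alerts by source IP (added example, not from the original notes).

The tables mirror a subset of Snort's create_mysql schema: event (one row per
alert), signature (rule metadata) and iphdr (IP header, addresses as unsigned
32-bit integers). All rows below are constructed sample data.
"""
import ipaddress
import sqlite3

SCHEMA = """
CREATE TABLE signature (
    sig_id INTEGER PRIMARY KEY, sig_name TEXT, sig_class_id INTEGER,
    sig_priority INTEGER, sig_rev INTEGER, sig_sid INTEGER, sig_gid INTEGER);
CREATE TABLE event (
    sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT,
    PRIMARY KEY (sid, cid));
CREATE TABLE iphdr (
    sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER, ip_proto INTEGER,
    PRIMARY KEY (sid, cid));
"""

SENSOR_ID = 1  # event.sid / iphdr.sid: the sensor that logged the alert

# Constructed signatures: (sig_id, name, class, priority, rev, rule sid, gid)
SAMPLE_SIGNATURES = [
    (1, "ICMP PING", 3, 1, 1, 384, 1),
    (2, "LOCAL scan attempt", 1, 2, 1, 1000001, 1),
]
# Constructed alerts: (cid, sig_id, timestamp, source, destination)
SAMPLE_EVENTS = [
    (1, 1, "2009-05-01 10:00:00", "192.168.1.20", "192.168.1.1"),
    (2, 1, "2009-05-01 10:00:01", "192.168.1.20", "192.168.1.1"),
    (3, 2, "2009-05-01 10:05:00", "10.0.0.7", "192.168.1.1"),
    (4, 1, "2009-05-02 08:00:00", "192.168.1.20", "192.168.1.1"),
    (5, 2, "2009-05-02 08:01:00", "10.0.0.7", "192.168.1.30"),
    (6, 2, "2009-05-02 08:02:00", "10.0.0.9", "192.168.1.30"),
]


def ip_to_int(ip):
    """Dotted quad -> the unsigned integer form Snort stores in iphdr."""
    return int(ipaddress.IPv4Address(ip))


def int_to_ip(n):
    return str(ipaddress.IPv4Address(n))


def build_sample_db():
    """Create the schema and load the constructed rows into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO signature VALUES (?,?,?,?,?,?,?)", SAMPLE_SIGNATURES)
    for cid, sig_id, ts, src, dst in SAMPLE_EVENTS:
        conn.execute("INSERT INTO event VALUES (?,?,?,?)", (SENSOR_ID, cid, sig_id, ts))
        conn.execute("INSERT INTO iphdr VALUES (?,?,?,?,?)",
                     (SENSOR_ID, cid, ip_to_int(src), ip_to_int(dst), 1))
    conn.commit()
    return conn


def alerts_by_source(conn, limit=10):
    """Noisiest sources: alert count, distinct signatures, first and last seen."""
    rows = conn.execute("""
        SELECT i.ip_src, COUNT(*) AS n, COUNT(DISTINCT e.signature) AS sigs,
               MIN(e.timestamp), MAX(e.timestamp)
        FROM event e JOIN iphdr i ON e.sid = i.sid AND e.cid = i.cid
        GROUP BY i.ip_src ORDER BY n DESC, i.ip_src LIMIT ?""", (limit,)).fetchall()
    return [(int_to_ip(src), n, sigs, first, last) for src, n, sigs, first, last in rows]


def alerts_for_ip(conn, ip):
    """Everything one source address triggered, with the rule name resolved."""
    rows = conn.execute("""
        SELECT e.timestamp, s.sig_name, s.sig_priority, i.ip_dst
        FROM event e
        JOIN iphdr i ON e.sid = i.sid AND e.cid = i.cid
        JOIN signature s ON e.signature = s.sig_id
        WHERE i.ip_src = ? ORDER BY e.timestamp""", (ip_to_int(ip),)).fetchall()
    return [(ts, name, prio, int_to_ip(dst)) for ts, name, prio, dst in rows]


if __name__ == "__main__":
    db = build_sample_db()
    for src, n, sigs, first, last in alerts_by_source(db):
        print(f"{src:15} {n:3} alerts {sigs} sig(s)  {first} .. {last}")
    for ts, name, prio, dst in alerts_for_ip(db, "10.0.0.7"):
        print(f"  {ts}  prio {prio}  {name} -> {dst}")
```

The join on (sid, cid) is the key to the whole schema: every per-packet table (iphdr, tcphdr, udphdr, payload) is keyed by the sensor id plus the event counter, so the same two-column join extends to ports and payload bytes.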
After installing gd the following problem appeared, and no graphs could be displayed:
error loading the Graphing library:
Check your Pear::Image_Graph installation!
Image_Graph can be found here: at
Without this library no graphing operations can be performed.
Make sure PEAR libraries can be found by php at all:
pear config-show | grep "PEAR directory"
PEAR directory php_dir /usr/share/pear
This path must be part of the include path of php (cf. /etc/php.ini):
php -i | grep "include_path"
include_path => .:/usr/share/pear:/usr/share/php => .:/usr/share/pear:/usr/share/php
Install php-pear:
[root@localhost snort]# yum -y install php-pear
[root@localhost snort]# pear config-show|grep "PEAR directory"
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php/modules/msql.so' - /usr/lib/php/modules/msql.so: cannot open shared object file: No such file or directory in Unknown on line 0
Binary file (standard input) matches
[root@localhost snort]# php -i |grep "include_path"
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php/modules/msql.so' - /usr/lib/php/modules/msql.so: cannot open shared object file: No such file or directory in Unknown on line 0
include_path => .:/usr/share/pear:/usr/share/php => .:/usr/share/pear:/usr/share/php
PHP Warning: Unknown: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Asia/Chongqing' for 'CST/8.0/no DST' instead in Unknown on line 0
Solution:
1. yum install php-pear
2. Download Canvas-0.3.0.tar.gz, Image_Color-1.0.2.tar.gz and Image_Graph-0.7.2.tar.gz
3. Install them with pear install:
pear install Canvas-0.3.0.tar.gz
pear install Image_Color-1.0.2.tar.gz
pear install Image_Graph-0.7.2.tar.gz