Snort

Snort is a Network Intrusion Detection System (NIDS). The goal of this document is to walk you through the installation and setup of Snort with either PostgreSQL or MySQL.

Install Required Programs
Set these USE flags
 * (important for snort 2.6.X)
 * (if you're using PostgreSQL as a backend)
 * (if you're using MySQL as a backend)

If you're using PostgreSQL as a backend

If you're using MySQL as a backend

Install Snort and a database

Install PostgreSQL or Install MySQL.

Setup Snort with PostgreSQL
Start PostgreSQL and create a new snort user

Enter a unique password (remember it) and answer 'n' to any questions.

Now initialize the database

Now configure some options.

Verify the permissions of snort.conf (root:snort 640) and start snort

If the snort user is not the owner of the snort DB, you should grant it permissions on the DB objects

Granting permissions

Look here for more details

Verify snort is logging to the database (optional)

You should get the hostname (or IP address) snort is running on.

Secure Remote PostgreSQL Setup (optional)
You need to edit the next two files only if you've set up PostgreSQL on a separate server.

Setup Snort with MySQL
Finish installation of MySQL

Set the root password, replacing new-password with the desired password. Mind the single quotes.

Start MySQL and create the snort database

Enter the password you assigned earlier

Create the snort user

Enter a unique password (remember it) and answer 'n' to any questions.

Initialize the database

Now configure some options.

Verify the permissions of snort.conf (root:snort 640) and start snort
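
One way to carry out the permission check named in both the PostgreSQL and MySQL sections (root:snort 640) before starting snort. This is an added example, not part of the original page: the helper name check_conf_perms and the path in the usage comment are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the original page): audit a config file's
# owner, group and mode, e.g. root:snort 640 for snort.conf.
# Requires GNU stat (-c). check_conf_perms is a hypothetical helper name.

# check_conf_perms FILE OWNER GROUP MODE
# Prints one line per mismatch. Returns 0 if everything matches,
# 1 on any mismatch, 2 if FILE is missing, a symlink or not a regular file.
check_conf_perms() {
    file=$1 want_owner=$2 want_group=$3 want_mode=$4
    rc=0

    # A symlink could point at a file with different permissions,
    # so it is reported rather than followed.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing or not a regular file"
        return 2
    fi

    owner=$(stat -c '%U' "$file")
    group=$(stat -c '%G' "$file")
    mode=$(stat -c '%a' "$file")    # octal digits, e.g. 640

    [ "$owner" = "$want_owner" ] || { echo "FAIL: owner is $owner, want $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "FAIL: group is $group, want $want_group"; rc=1; }
    [ "$mode" = "$want_mode" ]   || { echo "FAIL: mode is $mode, want $want_mode"; rc=1; }

    if [ "$rc" -eq 0 ]; then
        echo "OK: $file is $owner:$group $mode"
    fi
    return "$rc"
}

# Usage (the path is an assumption, adjust it to your install):
#   sh check_conf_perms.sh /etc/snort/snort.conf root snort 640
# With no arguments the script only defines the function.
[ $# -eq 0 ] || check_conf_perms "$@"
```
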

Verify snort is logging to the database (optional)

You should get the hostname (or IP address) that snort is listening on.

Final Steps
Restart Snort and the database

Set snort and the database to run on boot

Graphical BASE Front-End (optional)
If you'd like to view your Snort logs graphically via your web browser, take a look at BASE. As of now, that page is empty and is to be completed later.