In Snort Intrusion Detection and Prevention Toolkit, 2007

Database Logging

After receiving syslog alerts for a while, we have decided that we want to start using some of the analysis tools that require the data to be stored in a database.

Basic Analysis and Security Engine (BASE) is available for download from. BASE was derived from the ACID project (Analysis Console for Intrusion Databases). The purpose of BASE is to provide a Web-based front end for analyzing the alerts generated by Snort. Whereas ACID is more of a general-purpose front end for viewing and searching events, BASE is a Snort-specific utility. We'll get you up and running with BASE in this section, and then cover it in much more detail in Chapter 9.

The instructions to configure BASE assume you have already installed and configured Snort. Snort must be installed with the --with-mysql switch, because Snort does not support MySQL output by default. The Snort Web site has RPM packages with MySQL support already included for some operating systems. This is the list of dependencies for running BASE: httpd, Snort (with MySQL support), MySQL, php-gd, pcre, php-mysql, php-pdo, php-pear-Image-GraphViz, graphviz, and php-adodb. Follow these steps to get BASE up and running. Uncomment and edit the following line:

Figure 4.18.

Note the field at the bottom labeled ACTION. This enables you to configure the alert groups. Alert groups are basically shortcuts that enable you to view a subset of alerts quickly, without having to navigate through the various menus to get there. For example, suppose you want to know any time that 192.168.1.1 generates an alert. You can check the check box to the left of 192.168.1.1, and then use the drop-down box to select Create AG (by Name). The next screen enables you to enter a description for the newly created alert group. Enter a meaningful text description for the group and click Save Changes. The next screen will be a listing of all alerts from 192.168.1.1. This screen is the alert group. In the future, if you want to quickly see this group of alerts, you can click Alert Group Maintenance at the bottom of each page, and then click the alert group you want to view. In this way, any subset of alerts is only two clicks away, sort of like a shortcut straight to a particular set of filtering criteria.