Hi Susana... for Snort to work together with MySQL, you have to compile it with its module (--with-mysql).

Besides that, you can set it up to work with Acid+Adodb+PHPlot+GD; check out this link:

http://www.andrew.cmu.edu/~rdanyliw/snort/acid_config.html

Regards,
Mike

--- Sandra Guzmán Bárcena <sandra en cenapred unam mx> wrote:
>
> Hello friends of the list:
>
> I am working with snort but I have a small problem: snort does work,
> that is, it reads the packets, but I get the following error when I
> give it the following command:
>
> $./rules
> $ snort -dev -c snort.conf
>
> rules]# snort -dev -c snort.conf
> Running in IDS mode
> Log directory = /var/log/snort
>
> Initializing Network Interface eth0
>
> --== Initializing Snort ==--
> Initializing Output Plugins!
> Decoding Ethernet on interface eth0
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file snort.conf
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> No arguments to frag2 directive, setting defaults to:
>     Fragment timeout: 60 seconds
>     Fragment memory cap: 4194304 bytes
>     Fragment min_ttl: 0
>     Fragment ttl_limit: 5
>     Fragment Problems: 0
>     Self preservation threshold: 500
>     Self preservation period: 90
>     Suspend threshold: 1000
>     Suspend period: 30
> Stream4 config:
>     Stateful inspection: ACTIVE
>     Session statistics: INACTIVE
>     Session timeout: 30 seconds
>     Session memory cap: 8388608 bytes
>     State alerts: INACTIVE
>     Evasion alerts: INACTIVE
>     Scan alerts: ACTIVE
>     Log Flushed Streams: INACTIVE
>     MinTTL: 1
>     TTL Limit: 5
>     Async Link: 0
>     State Protection: 0
>     Self preservation threshold: 50
>     Self preservation period: 90
>     Suspend threshold: 200
>     Suspend period: 30
> Stream4_reassemble config:
>     Server reassembly: INACTIVE
>     Client reassembly: ACTIVE
>     Reassembler alerts: ACTIVE
>     Ports: 21 23 25 53 80 110 111 143 513 1433
>     Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
> http_decode arguments:
>     Unicode decoding
>     IIS alternate Unicode decoding
>     IIS double encoding vuln
>     Flip backslash to slash
>     Include additional whitespace separators
>     Ports to decode http on: 80
> rpc_decode arguments:
>     Ports to decode RPC on: 111 32771
>     alert_fragments: INACTIVE
>     alert_large_fragments: ACTIVE
>     alert_incomplete: ACTIVE
>     alert_multiple_requests: ACTIVE
> telnet_decode arguments:
>     Ports to decode telnet on: 21 23 25 119
> database: compiled support for ( )
> database: configured to use mysql
> database: 'mysql' support is not compiled into this build of snort
>
> ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm,
> or Windows), then check for alternate builds that contains the necessary
> 'mysql' support.
>
> If this build of snort was compiled by you, then re-run the
> the ./configure script using the '--with-mysql' switch.
> For non-standard installations of a database, the '--with-mysql=DIR'
> syntax may need to be used to specify the base directory of the DB install.
>
> See the database documentation for cursory details (doc/README.database).
> and the URL to the most recent database plugin documentation.
> Fatal Error, Quitting..
>
> Because of this I also can't get it to work with acid; I can see the
> interface fine but it doesn't show any alerts. If you could help me I
> would be very grateful.
>
> Sandra G.

=====
Miguel Hernández y López
SysAdmin / Cisco Systems Certified
icq: 25041228

--
LinuxPPP support list
Email address: Linux en linuxppp com
Web address: http://mail.linuxppp.com/mailman/listinfo/linux
List rules: http://linuxppp.net/reglas.html
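
An added example, not part of the original thread: a shell check that reads Snort startup messages like the ones quoted above and reports whether the backend named in "database: configured to use" is listed in "database: compiled support for ( ... )". The function names are hypothetical, and SAMPLE_OK is constructed on the assumption that a build with MySQL support prints the backend name inside the parentheses.

```shell
#!/bin/sh
# Added example: compare the database backend requested in snort.conf with
# the backends compiled into the binary, using Snort's startup messages.

# Constructed sample inputs. SAMPLE_FAIL repeats the two lines from the
# thread; SAMPLE_OK is an assumed equivalent from a build with MySQL support.
SAMPLE_FAIL="> database: compiled support for ( )
> database: configured to use mysql"
SAMPLE_OK="database: compiled support for ( mysql )
database: configured to use mysql"

# Print the backends listed between the parentheses, one per line.
compiled_backends() {
    sed -n 's/^.*database: compiled support for (\(.*\)).*$/\1/p' \
        | tr -s ' ' '\n' | sed '/^$/d'
}

# Print the backend named by "database: configured to use <name>".
configured_backend() {
    sed -n 's/^.*database: configured to use \([A-Za-z0-9_]*\).*$/\1/p' \
        | head -n 1
}

# Read startup output on stdin.
# Returns 0 if the configured backend is compiled in, 1 if it is not,
# and 2 if the output contains no "configured to use" line.
check_db_support() {
    out=$(cat)
    want=$(printf '%s\n' "$out" | configured_backend)
    if [ -z "$want" ]; then
        echo "no database output plugin found in startup output"
        return 2
    fi
    if printf '%s\n' "$out" | compiled_backends | grep -qxF -- "$want"; then
        echo "ok: '$want' support is compiled in"
        return 0
    fi
    # For mysql the fix given in the thread is ./configure --with-mysql.
    echo "missing: '$want' support is not compiled into this build"
    return 1
}

# Demonstration on the thread's own output (prints the "missing" message).
printf '%s\n' "$SAMPLE_FAIL" | check_db_support || true
```

To use it on a real sensor, save the startup messages to a file and run `check_db_support < startup.log`, where `startup.log` is a hypothetical file name.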