Snort-Setup for Statistics HOWTO

Sandro Poppi

        spoppi at

v1.01, Feb 23, 2002

Archived Document Notice: This document has been archived by the LDP.

Revision History
Revision 1.01    2002-02-23    Revised by: sp
- added "Setting up Linux for Snort" section
- added mysql option -p
- added some clarifications in mysql section
Revision 1.0    2002-01-01    Revised by: sp
- first release version
- moved to snort version 1.8.3
- changed RPMS to point to
- added link for my snortd initscript
- added warning about automatic rule update
- added hint to IDSPM
- changed for rule files to /etc/snort to reflect's RPMS
- as always: clarified some parts
Revision 0.05    2001-11-14    Revised by: sp
- renamed HOWTO to Snort-Setup for Statistics HOWTO
- added short statistic script which I was inspired by Greg Sarsons
- clarified some parts and corrected some typos
Revision 0.04    2001-09-29    Revised by: sp
- added section "snort internal statistics" suggested by Greg Sarson
- added short statistic script contributed by Greg Sarson but commented it out to get a more general version
Revision 0.03    2001-09-19    Revised by: sp
- added throttle option to swatch.conf
- changed ACID to version 0.9.6b15
- added some comments in ACID section
- added MD5 checksum section but commented it out
Revision 0.02    2001-09-16    Revised by: sp
Some clarifications as suggested by Greg Sarsons, thx ;)
Revision 0.01    2001-09-04    Revised by: sp
Initial version

Table of Contents
1. Introduction
1.1. Copyright Information
1.2. Disclaimer
1.3. New Versions
1.4. Credits
1.5. Feedback
1.6. Translations
2. Structure
3. Technical Overview
4. Configuration
4.1. Setting up Linux for Snort
4.2. Configuring Snort
4.3. Configuring MySQL
4.4. Configuring ADODB
4.5. Configuring PHPlot
4.6. Configuring ACID
4.7. Configuring SnortSnarf
4.8. Configuring Arachnids_upd
4.9. Configuring Swatch
5. Security Issues
6. Getting Help
7. Questions and Answers