良玉's Blog: drop by drop, water gathers into a river (良玉's Blog: the road of a Linux operations engineer for browser and mobile games)

Installing snortcenter

Download it.
Extract the archive and place it under the web directory.
Edit config.php:
$DB_dbname   = "snortcenter";           # $DB_dbname   : MySQL database name of SnortCenter DB
$DB_host     = "localhost";             # $DB_host     : host on which the DB is stored
$DB_user     = "snort";         # $DB_user     : login to the database with this user
$DB_password = "123456";                # $DB_password : password of the DB user
$DB_port     = "";                      # $DB_port     : port on which to access the DB (blank is default)
$User_authentication = 0;  # 0 = skip login, 1 = login and operations allowed, 2 = login allowed for updates only
Database:
mysql> CREATE DATABASE snortcenter;
Query OK, 1 row affected (0.05 sec)
mysql> grant all on snortcenter.* to snort@localhost identified by  "123456";  flush privileges;
Query OK, 0 rows affected (0.07 sec)
Query OK, 0 rows affected (0.01 sec)
mysql> update users set password='e10adc3949ba59abbe56e057f20f883e' where id=1; # reset the password to 123456
Query OK, 1 row affected (0.01 sec)
Rows matched: 1  Changed: 1  Warnings: 0
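Because database.php in this version contains the statements that build the database structure, just open the admin page directly: http://192.168.10.71/snortcenter/
The result is an error: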
Unable to CREATE table 'schema':
Database ERROR:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'schema ( vseq int(10) unsigned NOT NULL default '0', ' at line 1
Table creation failed. A look at database.php shows that the table name conflicts with a MySQL keyword, which is a pain.
grep -rl schema . | xargs sed -i "s/schema/schemaa/g"
Replace the name, then recreate the database:
mysql> drop database snortcenter;create database snortcenter;
Query OK, 15 rows affected (0.10 sec)
Query OK, 1 row affected (0.00 sec)
Creating Database Tables ...
Successfully created 'vars'
Successfully created 'decode'
Successfully created 'config'
Successfully created 'output'
Successfully created 'preprocessor'
Successfully created 'rules'
Successfully created 'content'
Successfully created 'uricontent'
Successfully created 'reference'
Successfully created 'rulechange'
Successfully created 'ruletype'
Successfully created 'schemaa'
Successfully inserted 'schemaa' values
Successfully created 'sensor'
Successfully created 'snortcenter_cfg'
Successfully created 'users'
Successfully inserted user: 'admin', password 'change'
Successfully created 'Rules_template'
Done.
Now it works. Refresh the page and the main interface appears.
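The search-and-replace command above rewrites every occurrence of the string in every file under the directory. As an added example (not part of the original post or of SnortCenter's code), the script below limits the rename to whole-word matches in PHP files and keeps backup copies outside the web directory. It assumes GNU grep and sed; the helper names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SnortCenter code. Assumes GNU grep and sed.
# list_hits, rename_table and make_sample are hypothetical helper names.
OLD=schema      # table name that collides with the MySQL keyword
NEW=schemaa     # replacement name used in the post

# Dry run: PHP files that contain OLD as a whole word. Changes nothing.
list_hits() {
    grep -rlw --include='*.php' -- "$OLD" "$1"
}

# rename_table WEBDIR BACKUPDIR
# Copies each affected file to BACKUPDIR (keep it outside the web root so the
# copies are not served), then replaces whole-word matches only.
rename_table() {
    list_hits "$1" | while IFS= read -r f; do
        mkdir -p "$2/$(dirname "$f")"
        cp -p "$f" "$2/$f"
        sed -i "s/\\b$OLD\\b/$NEW/g" "$f"
    done
}

# Constructed sample input for trying the functions offline.
make_sample() {
    mkdir -p "$1"
    cat > "$1/database.php" <<'EOF'
<?php
$sql = "CREATE TABLE schema ( vseq int(10) unsigned NOT NULL default '0' )";
$chk = "SELECT table_name FROM information_schema.tables";
EOF
    printf 'schema notes\n' > "$1/README.txt"
}

# Usage: sh rename.sh /path/to/snortcenter /path/to/backup
if [ "$#" -eq 2 ]; then
    rename_table "$1" "$2"
fi
```

Because only whole words match, names such as information_schema are left alone and running the script a second time changes nothing.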
Next, install the client (the agent).
Download:
http://sourceforge.net/projects/snortcenter2/files/SnortCenter%20Agent/Linux%20Agent/snortcenter-agent-v2.x.linux.tar.gz/download
# tar xvf snortcenter-agent-v2.x.linux.tar.gz
# mv sensor /etc/snort/
# cd /etc/snort/sensor/
Then run setup.sh to install. During installation, do not enable SSL, and remember the account and password.
After installation:
sensor console -> add sensor
sensor name                  router
sensor ip                    192.168.10.71   port   2525
sensor                       admin
password                     123456
sensor agent type            sensortcenter agent v.1 (SSL disabled)
interface name to sniff      eth0
snort command line           -d -l /var/log/snort
Press push first, and only then start, because the console has to send some information to the agent host, such as snort.conf and so on …


Author: 良玉  Category: snort