Snort Mysql & Base on Feisty

[tegwilym]

Ok, I'm making progress on this. Snort is running, Ntop (not on the Sparc machine though), BASE, and SnortSnarf.
I was going to install "Acid" until I realized that it was just the same thing as BASE (Kind of like chemistry, heh!).
Anyway, just one thing left that I would like to get working. I can't get the graphs to work in BASE. When I try it, a little 'broken' .jpg icon shows up instead.

I do have Pear and the graphics add-ons installed, but still not getting any pretty pictures. Anyone else run into this problem?

Tom

[djhedges]

Ok, I'm making progress on this. Snort is running, Ntop (not on the Sparc machine though), BASE, and SnortSnarf.
I was going to install "Acid" until I realized that it was just the same thing as BASE (Kind of like chemistry, heh!).
Anyway, just one thing left that I would like to get working. I can't get the graphs to work in BASE. When I try it, a little 'broken' .jpg icon shows up instead.

I do have Pear and the graphics add-ons installed, but still not getting any pretty pictures. Anyone else run into this problem?

Tom

I remember having a problem with the graphs which I fixed by reinstalling different things such as the pear packages & php. It's been a long time so I can't exactly remember what fixed it.

You could try looking for a similar problem with pear not base or snort specific.

[tegwilym]

You could try looking for a similar problem with pear not base or snort specific.

Good idea. BASE isn't the only thing that would use that. I did try reinstalling everything, and often it said "already the most current version" - or something like that, so I know it's there. Just doesn't make any graphs.

[vaineh]

mines a different problem.

snort looks to be running fine, from ps:
/usr/sbin/snort -m 027 -D -d -l /var/log/snort -u snort -g snort -c /etc/snort/snort.conf -S HOME_NET=[any] -i eth0

but nothing is getting logged in the alert log. all my rules are included, out puts set.

[djhedges]

Good idea. BASE isn't the only thing that would use that. I did try reinstalling everything, and often it said "already the most current version" - or something like that, so I know it's there. Just doesn't make any graphs.

Open up synaptic and first do a complete removal of some parts such as the pear & php. Then install them again.

[djhedges]

mines a different problem.

snort looks to be running fine, from ps:
/usr/sbin/snort -m 027 -D -d -l /var/log/snort -u snort -g snort -c /etc/snort/snort.conf -S HOME_NET=[any] -i eth0

but nothing is getting logged in the alert log. all my rules are included, out puts set.

I would focus on modifying the config instead passing options to the command line such as the HOME_NET variable or where the logs are logged to. Theres way you can stop & start snort with

Code:

/etc/init.d/snort start
/etc/init.d/snort stop

Go back to the config and make sure it's setup to log to files and not the database.

How are you testing snort?

[izkandare]

hey..
thanks for the tutorial.my snort and base works perfectly.but how can i set authentication on the base, so that no other users could explore the base website...

[tegwilym]

Open up synaptic and first do a complete removal of some parts such as the pear & php. Then install them again.

Another fine idea. Thanks! I'll try that too.

[djhedges]

hey..
thanks for the tutorial.my snort and base works perfectly.but how can i set authentication on the base, so that no other users could explore the base website...

http://www.snort.org/docs/setup_guid...t_base_SSL.pdf

Theres a section in there explaining exactly what you asked for. It'll lock down the base directory so that you have to provide a username & password to get in.

Look for Securing Apache & Base directory towards the end of the how to.

[tjsullivan1]

Is it necessary to have apache and base installed to use snort? I am on a college campus that is very restrictive of what one does on his/her computer, and running an apache server would be one of those things that is restricted.

If it would be possible to run apache silently, that would be even better.