This was my first attempt at an install on Debian, and the process is very simple.
To make the results easier to analyze, ACID is installed as well. The process is described briefly below.
First install Apache, PHP4 and MySQL:
apt-get install apache2 libapache2-mod-php4 php4 php4-mysql mysql-server mysql-client
Create a database snortdb in MySQL to store the Snort output.
Create an account snort@localhost to manage that database, with all privileges except GRANT.
If you are not familiar with the mysql command, you can use phpMyAdmin, a web-based graphical MySQL management tool (it has had quite a few bugs in the past).
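The database and account described above, created from the mysql client instead of phpMyAdmin. This is an added example, not part of the original post; the password is a placeholder, and the GRANT ... IDENTIFIED BY form assumes a MySQL server of the PHP4 era.

```sql
-- Run as the MySQL root user: mysql -u root -p

-- Database that stores Snort's output (name taken from the post).
CREATE DATABASE snortdb;

-- Account that manages snortdb. ALL PRIVILEGES at database level does not
-- include the GRANT privilege unless WITH GRANT OPTION is appended, so
-- leaving that clause off gives "everything except GRANT".
-- 'CHANGE_ME' is a placeholder password, not a value from the post.
GRANT ALL PRIVILEGES ON snortdb.* TO 'snort'@'localhost'
    IDENTIFIED BY 'CHANGE_ME';

-- Check the result: there should be a line for `snortdb`.* and it must
-- not end in WITH GRANT OPTION. A separate "GRANT USAGE ON *.*" line is
-- normal and carries no privileges.
SHOW GRANTS FOR 'snort'@'localhost';
```

On MySQL 8.0 and later, GRANT no longer accepts IDENTIFIED BY, so the account has to be created with CREATE USER before the GRANT statement.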
Install snort-mysql; this automatically installs snort-common and snort-rules-default.
# apt-get install snort-mysql
During installation the configuration script asks several questions. Afterwards, remember to create the tables in snortdb:
zcat /usr/share/doc/snort-mysql/contrib/create_mysql.gz | mysql -u [id] -p -h [host] [snort-database]
If you followed my setup, [id] = snort, [host] = localhost, [snort-database] = snortdb.
You may want to manually edit /etc/snort/snort.conf and /etc/snort/rules/* to suit your system.
Install acidlab
# apt-get install acidlab
Again there are a few questions to answer; the Snort archive DB also uses the snortdb database.
OK, that's it. Now have a look in the browser:
http://[YourHost]/acidlab/ and there is not much more to say.
Debian is really good: it saves you the small changes otherwise needed to make these pieces work together.
Finally, pay attention to two points.
1 Set up .htpasswd protection for the http://[YourHost]/acidlab/ directory
2 Remember to update your Snort rules often