Topic: [CONTRIB UPDATE] Snort for smeserver 7.x

[cool34000]

Hi !

I would like to add the function of port scanning...
I tryed Dirk's howto but it doesn't seem to work.

Here what I've done :
copy/paste the original template in template-custom and I've add the lines under "preprocessor flow etc." (set it to medium)
Done a "expand-template /etc/snort/snort.conf" and "service snortd restart" and went to shieldsup to test it but nothing was traced in BASE

What am I doing wrong ?

THX for any help !

[EDIT] Sorry, it's working, it seems that it's just taking time to log it into BASE !

[MasterSleepy]

Hello all,

I update snort contrib, so that it use lastest version, 2.6.1.5, of snort.
It also corrected a bug in serveronly mode.

RPM:
http://www.vanhees.cc/modules.php?op=modload&name=CmodsDownload&file=index&req=viewdownloaddetails&lid=315&ttitle=smeserver-snort-2.6.1.5-1.i386.rpm

sRPM:
http://www.vanhees.cc/modules.php?op=modload&name=CmodsDownload&file=index&req=viewdownloaddetails&lid=316&ttitle=smeserver-snort-2.6.1.5-1.src.rpm

You have to uninstall old version first with

Code: [Select]

rpm -e smeserver-snort --nodeps
After install the new one.

If you have oldest version installed, remove it first and assure that directory :
/var/service/snortd/
/var/log/snort/
/var/log/snortd/
has been removed or remove it manually.

Regards.

[zeno]

This is a great contrib!
Thanks a lot for your work!

I'm trying to install smeserver-snort today afternoon and i f i'll encounter a problem i'll let you know.

Thanks!

Zeno

[b2vn]

I have just tried to install this, but I get the following error

======================= Activate sme snort ================================
======================= Creating snort_log database =======================
mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost' (using password: YES)'
======================= Creating snort_archive database ===================
mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost' (using password: YES)'
======================= Creating tables in snort_log ======================
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

Any suggestion on what I'm doing wrong? mysql is running and the root password is the same as my sme admin password.

[MasterSleepy]

Hello,

Why did you change root password of mysql??

Please follow instruction to reset root password to default one.
http://wiki.contribs.org/MySQL#Login_as_MySQL_root_user.

Regards,
MasterSleepy.

[kryptos]

Hi,

I just install this contrib. One thing i noticed is that eats a lot cpu load. Is there a minimum requirements for snort?

10461 snort     23   0  574m 145m  888 R 94.9 67.1   7:04.82 snort

using smeserver-snort-2.6.1.5-1
smeserver-base-1.2.2-1
smeserver-oinkmaster-1.2-2
smeserver-guardiand-1.7-4

i already reinstalled but still the same.


Regards,
Rocel