fastlog
fastlog database output :
download here: http://www.snortattack.org/fastlog.tgz
# REQUIREMENTS :
#
# mysql > 5.0
# apache (any version)
# php > 4.0
# php module = php-db , php-mysql
# perl (any version)
# linux kernel 2.6.x
# Snort with fastlog enabled. (ex: snort -ieth0 -c /etc/snort/snort.conf -A fast -D)
#
# INSTALL :
#
# 1 - create the MySQL database and grant the permissions :
#
# mysql -uroot -p -h localhost
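# CREATE DATABASE fastlog;
# GRANT ALL PRIVILEGES ON fastlog.* TO user@localhost IDENTIFIED BY 'password';
# (replace user / password with your own values; ALL PRIVILEGES is convenient but broad,
# so consider narrowing the grant to what the parser and the PHP pages actually need)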
#
# import database
#
# mysql -uroot -p fastlog < snort_faster.sql
#
# 2 - give execute permission to ParseMyLine.pl :
#
# chmod a+x ParseMyLine.pl
#
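# 3 - edit ParseMyLine.pl (it will contain the database password, so keep the file readable only by the account that runs it) :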
#
# $database = "fastlog";
# $hostname = "127.0.0.1";
# $port = "3306";
# $username = "user";
# $password = "password";
# $FileName = "/var/log/snort/alert";
#
# 4 - edit conf.ini :
#
# db_host = "127.0.0.1"
# db_username = "user"
# db_password = "password"
# db_name = "fastlog"
#
# 5 - move ParseMyLine.pl to /usr/bin/ :
#
# mv ParseMyLine.pl /usr/bin/
#
# 6 - edit crontab, run every 5 minutes :
#
# crontab -e
#
# */5 * * * * /usr/bin/ParseMyLine.pl
#
# 7 - php page :
#
# locate your apache DocumentRoot or virtualhosts and create a directory for fastlog ex:
#
# mkdir /var/www/html/fastlog
# mv .htaccess /var/www/html/fastlog/
# mv *.php /var/www/html/fastlog/
# mv conf.ini /var/www/html/fastlog/
# mv favicon.ico /var/www/html/fastlog/
# mv css /var/www/html/fastlog/
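# note: conf.ini holds the database password and now sits inside the DocumentRoot;
# check that the shipped .htaccess (or your server configuration) denies direct requests for it.
#
# set apache permission (depends on your configuration)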
#
# chown apache: /var/www/html/fastlog/ -R
#
#
#
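# 8 - htpasswd (Optional but strongly recommended):
#
# You should protect your fastlog webpage, e.g. insert in .htaccess
# (.htaccess is honoured only if AllowOverride permits it for this directory; Basic auth
# sends the password with every request, so serve the page over HTTPS if it is reachable
# from anywhere other than localhost):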
#
# AuthName "Fastlog Area"
# AuthType Basic
# AuthUserFile /var/www/fastlog.htpasswd
# Require user fastlog
#
# and create the password file:
#
# htpasswd -c /var/www/fastlog.htpasswd fastlog
#
# 9 - point to the page :
#
# http://127.0.0.1/fastlog/
#
| Allegato | Dimensione |
|---|---|
| fastlog.png | 67 KB |


