This repository was archived by the owner on May 3, 2024. It is now read-only.

Migrating from ACID BASE to Snorby on Ubuntu 9.04 amd64 (Jaunty)

mephux edited this page Aug 16, 2010 · 1 revision

by: dft

**NOTE:** I set this up with all the gems installed locally in my user directory. I think, but I haven't tried it, that if you want to install them globally you use "sudo" when doing gem install.

  1. The first thing we need is git:

sudo apt-get install git
sudo apt-get install git-core

  1. Then all the ruby on rails business:

sudo apt-get install ruby
sudo apt-get install ruby1.8-dev
sudo apt-get install rake
sudo apt-get install rubygems
sudo apt-get install rails

  1. Add my local ruby bin path; you might want to add this to .profile. PATH entries are separated by colons, and ~ does not expand inside quotes, so use $HOME:
    export PATH="$HOME/.gem/ruby/1.8/bin:$PATH"
  1. Continue prepping our dependencies:
    gem install rake
    gem install rails
    gem install prawn
    gem install mysql
  1. We should now have all the necessary dependencies in place. Before we jump to the setup script we need to prepare ourselves so that the setup script doesn't complain about not being able to drop the existing snort tables. If you followed the howtos for barnyard2/acid-base you probably have a snort database/schema in mysql. Keep it just in case. Set up a new db/schema using your favourite method. I was in a hurry so I cheated with the MySQL Administrator desktop app. For the graphically impaired, let's do this:

mysqladmin create snorby
mysql -u root
mysql> CREATE USER 'someuser'@'localhost' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON snorby.* TO 'someuser'@'localhost' WITH GRANT OPTION;

  1. Now let's go ahead and get the code :)

cd ~/
git clone git://github.com/mephux/Snorby.git

  1. Next we jump back to Mephux's install procedure.
  1. Edit the database parameters to match the user and password created above:
    cd ~/Snorby
    vi config/database.yml.example

production:
  adapter: mysql
  database: name_of_snort_database_here
  username: my_user
  password: my_password
  host: localhost

  1. Remember to save the file as config/database.yml (:w config/database.yml) while inside vi.
  1. Comment out RAILS_GEM_VERSION, then run the setup script:
    vi config/environment.rb
    rake snorby:setup RAILS_ENV=production

  1. Now we must jump to our barnyard2 config and point barnyard2 to the new database. As I write this I'm wondering if you can tell barnyard2 to write to two different databases in parallel? I'll have to confirm this in #snort. In the meantime I'll assume no to be safe. Change the following parameters in /etc/snort/barnyard.conf:

output database: alert, mysql, user=snorby password= dbname=snorby host=localhost

  1. Restart barnyard2 or give it a SIGHUP:
    sudo kill -HUP $(cat /var/run/barnyard2_eth0.pid)
  1. Back to our Snorby install. It's time to "Fire it UP!" Remember if you have Apache running already you need to pick a different port to listen on other than 80. Start somewhere above 48619 (at least that's what redhat/centos like you to use for "user services").
    ruby script/server -e production -b 127.0.0.1 -p 48620 -d
  1. Next fire up your web browser and point it to:
    http://localhost:48620

Log in as Snorby/admin.
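The same database credentials have to agree in three places above (the GRANT, config/database.yml and the barnyard2 output line), which is easy to get wrong by hand. The helper below is an added example, not part of the original page or of the Snorby project: it renders all three fragments from one set of variables and writes database.yml readable by its owner only. The user, password and database names are placeholders.

```shell
#!/bin/sh
# Added example, not from the Snorby project or the original page: the same
# database credentials must agree in the GRANT, in config/database.yml and in
# the barnyard2 output line, so render all three from one set of variables.
# "someuser", "some_pass" and "snorby" below are placeholders.

# Grant scoped to the Snorby schema only (db.*), without WITH GRANT OPTION:
# neither Snorby nor barnyard2 needs to hand privileges to other accounts.
render_grant() {            # args: user password database
    printf "CREATE USER '%s'@'localhost' IDENTIFIED BY '%s';\n" "$1" "$2"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'localhost';\n" "$3" "$1"
    printf "FLUSH PRIVILEGES;\n"
}

# The production stanza of config/database.yml; YAML needs the keys
# indented under "production:".
render_database_yml() {     # args: user password database host
    printf "production:\n"
    printf "  adapter: mysql\n"
    printf "  database: %s\n" "$3"
    printf "  username: %s\n" "$1"
    printf "  password: %s\n" "$2"
    printf "  host: %s\n" "$4"
}

# The "output database:" line for barnyard2's configuration file.
render_barnyard_output() {  # args: user password database host
    printf "output database: alert, mysql, user=%s password=%s dbname=%s host=%s\n" \
        "$1" "$2" "$3" "$4"
}

# database.yml holds the password, so create it readable by the owner only.
# The umask is changed in a subshell so the caller's umask is untouched.
write_database_yml() {      # args: path user password database host
    ( umask 077; render_database_yml "$2" "$3" "$4" "$5" > "$1" )
}

# Demonstration with the placeholder values; prints the three fragments.
render_grant someuser some_pass snorby
render_database_yml someuser some_pass snorby localhost
render_barnyard_output someuser some_pass snorby localhost
```

Feed the first fragment to mysql as root, write the second with write_database_yml into ~/Snorby/config/database.yml, and paste the third into the barnyard2 configuration file in place of the existing output line.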