Tried to configure snort to log to a remote MySQL box and came to the rapid realization that snort did not support doing so via SSL.

The attached diff(1) will force snort to require SSL for MySQL connections. You may find it here.

If you're chrooting snort, you'll need to have devfs mounted therein for /dev/urandom. Under FreeBSD, you would simply edit /etc/fstab and add a line similar to the following:

none                    /path/to/snort/chroot/dev     devfs   rw      0       0

Then run 'mount -a' to mount it.

You'll need to copy your certificates into the root. If you wish to make a non-SSL connection, you'll need to undo the patch. Make sure you did not leave the private key world readable.


Database output functionality is being deprecated in snort in favor of utilizing unified2 with barnyard2.