24/7/2020 Installing an Apache2 Web Server logging events to a MySQL Database - Installing a Windows Intrusion Detection System (WinIDS)

Installing an Apache2 Web Server logging events to a MySQL Database
By Morpheus

How to Install a Windows Intrusion Detection System (WinIDS)
Running Apache2, and logging events to a local MySQL Database
Windows 7 / 8.x / 10 / 2008 R2 SE / 2012 R2 SE / 2016 SE / 2019 SE
Written by: Michael E. Steele
www.winsnort.com/tutorials/article/4-installing-an-apache2-web-server-logging-events-to-a-mysql-database/ 1/33

Introduction

Take Note: Winsnort has phased out support for the 32bit architecture,
and all references have been removed in all the tutorials.

During my research and development I found many tutorials and blogs
describing the installation process for the UNIX environment, yet none of
them specifically detailed setting this up in a Windows environment. I have
been working on and updating these tutorials for the past 12 plus years,
and have managed to get through the complete process in the Windows
environment.

These tutorials give all the basic instructions on how to create a complete,
all-inclusive, standalone Windows Intrusion Detection System (WinIDS).
This is made possible by wrapping Snort, a very powerful intrusion detection
engine, in a collection of free open source programs. Best of all, other
than the cost of the Windows operating system, it is completely free.

If there are any doubts which tutorial should be used, there is a posted topic
HERE that will provide the basics so an informed decision can be made
based on which combination of software packages are best suited for the
installation.

Copyright Notice

This document is Copyright © 2002-2020 Michael Steele. All rights
reserved. Permission to distribute this document is hereby granted provided
that distribution is electronic, in its original form, no money is involved, and
this copyright notice is maintained. Other requests for distribution will be
considered.

Use the information in this document at your own risk. Michael Steele
disavows any potential liability of this document. Use of the concepts,
examples, and/or other content of this document are entirely at your own
risk.

This tutorial is written in the hope that it will be useful, but without any
warranty; without even the implied warranty of merchantability or fitness for
a particular purpose.

All copyrights are owned by their owners, unless specifically noted
otherwise. Third party trademarks or brand names are the property of their
owners. Use of a term in this document should not be regarded as affecting
the validity of any trademark or service mark. Naming of particular products
or brands should not be seen as endorsements.

Support Questions and Help

All general support questions related to a specific tutorial MUST be directed
to the specific forum for that particular tutorial. If there is any confusion just
click on the 'Get Community Support' button at the top of each tutorial to
be taken to the correct forum.

There is a Client Only Lounge where all advanced questions/problems not
related to the general installation of any of the tutorials should be posted.

By request, there is a premium fee service available for one on one support.

If you have not acquired this tutorial directly from the winsnort.com
website, then you most likely do not have the latest revision of this
tutorial!

This is a basic Windows Intrusion Detection System (WinIDS) deployment

Microsoft's Windows operating systems are used exclusively for these
tutorials.

It is highly recommended to start with a fresh install of one of the
supported Windows operating systems listed below.

If this is a commercial installation and Windows 10 is a requirement, it is
recommended that Windows 10 Enterprise LTSC (Long Term Servicing
Channel) is used.

With the LTSC servicing model, customers can delay receiving feature
updates and instead only receive monthly quality updates on devices.
Features from Windows 10 that could be updated with new functionality,
including Cortana, Edge, and all in-box Universal Windows apps, are also
not included. Feature updates are offered in new LTSC releases every 2–3
years instead of every 6 months, and organizations can choose to install
them as in-place upgrades or even skip releases over a 10-year life cycle.
Microsoft is committed to providing bug fixes and security patches for each
LTSC release during this 10 year period.

The Long Term Servicing Channel is not intended for deployment on most
or all the PCs in an organization. The LTSC edition of Windows 10
provides customers with access to a deployment option for their
special-purpose devices and environments. These devices typically perform
a single important task and don't need feature updates as frequently as
other devices in the organization. These devices are also typically not
heavily dependent on support from external apps and tools. Since the
feature set for LTSC does not change for the lifetime of the release, over
time there might be some external tools that do not continue to provide
legacy support.

See LTSC: What is it, and when it should be used.

Windows x64 7 Professional
Windows x64 8.x Professional
Windows x64 10 Professional
Windows x64 Server 2008 R2 Standard Edition
Windows x64 Server 2012 R2 Standard Edition
Windows x64 Server 2016 Standard Edition
Windows x64 Server 2019 Standard Edition

All the operating systems listed above have been tested using this
tutorial. However, any other x64 Windows operating system built on the same
framework will most likely work as well.

Major support programs used in this install

Npcap allows 3rd party applications such as Snort to capture and
transmit network packets, bypassing the protocol stack.
Snort performs real-time traffic analysis and packet logging on Internet
Protocol (IP) networks.
Barnyard2 is a dedicated spooler for Snort's unified2 binary output
format, forwarding the events on to a MySQL database.
Strawberry Perl is everything needed to run Perl scripts (.pl) and
applications such as PulledPork.
The MySQL database stores the events processed by Barnyard2 for
analysis.
Apache2 serves the web based Windows Intrusion Detection System
(WinIDS) GUI security console.
BASE is the Windows Intrusion Detection System (WinIDS) web based
GUI security console.

How this Hardware and Software was prepped for this Windows Intrusion
Detection System (WinIDS) tutorial

A fresh install of any version of Windows listed above is highly
recommended.
All available Service Packs and updates MUST be applied from the
Microsoft Download Center.
For these tutorials there are two partitions: C: (System) with 300GB,
and D: (WinIDS) with 1TB.
Installed memory should be no less than 4GB (more is always better).

The Windows Intrusion Detection System (WinIDS) will fail if the
default installation path is not implemented correctly!

The default installation path 'd:\winids' is hard coded into this tutorial,
and is also hard coded into some of the install scripts. Installers will need
to make the appropriate changes in both places if the default installation
path is anything other than 'd:\winids', or the support files are located
anywhere other than the 'd:\temp' folder.

Prepping for the Windows Intrusion Detection System (WinIDS) Tutorial

Downloading and extracting the core Windows Intrusion Detection
System (WinIDS) Software Support Pack

It is imperative to only use the files included in the 'WinIDS - Core
Software Support Pack' below. These files have been thoroughly tested
and are compatible with this particular Windows Intrusion Detection System
(WinIDS) tutorial.

Download and save the 'WinIDS - Core Software Support Pack' to a
temporary location.

Open File Explorer and navigate to the location of the 'winids-core.zip' file,
right-click the 'winids-core.zip' file, highlight and left-click 'Extract all...', in the
'Files will be extracted to this folder:' dialog box type 'd:\temp' (less the
outside quotes), uncheck the 'Show extracted files when complete' check
box, left-click 'Extract', in the 'Password:' dialog box type 'w1nsn03t.c0m'
(less the outside quotes), left-click 'OK', and exit File Explorer.

Downloading additional, and required support files for all
supported Windows operating systems

It is imperative to only use the files downloaded from the URL links below.
All the files have been verified as compatible with this particular Windows
Intrusion Detection System (WinIDS) tutorial. All the files below will need
to be downloaded into the folder (d:\temp) that was created when the files
from the above 'WinIDS - Core Software Support Pack' were extracted.

npcap-0.9995: Download and save the file to the d:\temp folder.

Snort 2_9_16: Download and save the file to the d:\temp folder.

The next download requires the installer to be a registered user on the
snort.org website, and logged in.

Navigate to the snort.org website and either login or create a new
account. While still logged into the snort.org web site return to the
Windows Intrusion Detection System (WinIDS) tutorial, and initiate the
next download.

Note: If the installer is not logged into the snort.org website prior to
initiating the next download, the installer will be re-directed to the
snort.org website. At that point either create a new account or login. While
still logged into the snort.org website return to the Windows Intrusion
Detection System (WinIDS) tutorial, and initiate the next download.

snortrules-snapshot-29160: Download and save the file to the d:\temp folder.

Rule Documentation (opensource.gz): Download and save the file to the
d:\temp folder.

Strawberry Perl 5.30.2.1: Download and save the file to the d:\temp folder.

Apache2 2.4.43 (VS16): Download and save the file to the d:\temp folder.

Apache2 FastCGI module 2.3.10 (VS16): Download and save the file to the
d:\temp folder.

MySQL Database 8.0.21.0: Download and save the file to the d:\temp folder.

PHP 5.6.40 TS (VC11): Download and save the file to the d:\temp folder.



Installing the core support files, and making basic configuration changes

It is important when asked to 'Open a CMD window with Administrator
privileges' that it is done, or the install will fail.

It is also important when asked to 'Close a CMD window' that it is done, or
the install will fail.

Note: The user installing this tutorial MUST be a member of the
Administrators group.

Note: If the User Account Control dialog box appears at ANY time during
this install ALWAYS left-click 'Yes' to continue, or the install will fail.

Instructions on starting a command prompt as an Administrator

In the Windows Search box, type cmd, and then press CTRL+SHIFT+ENTER.

Windows 8.x / 10 / 2012 R2 SE / 2016 SE / 2019 SE: The original Windows
install media (DVD/USB/ISO) is now required to be inserted or mounted.

Windows 8.x / 10 / 2012 R2 SE / 2016 SE / 2019 SE: Open a CMD window
with Administrator privileges and type 'dism.exe /online /enable-feature /all
/featurename:NetFX3 /Source:x:\sources\sxs' (less the outside quotes), and
tap the 'Enter' key.

The correct drive letter where the Windows install media is located must be
inserted in place of the 'x' above. This installs the .NET Framework 3.5
feature from the side-by-side store on the install media.

The following is a confirmation that the '.NET Framework 3.5 Features'
were installed successfully.

Deployment Image Servicing and Management tool
Version: (redacted)
Image Version: (redacted)
Enabling feature(s)
[==========================100.0%==========================]
The operation completed successfully.

Do not proceed until 'The operation completed successfully.', and
the original Windows install media has been removed, or unmounted.

Windows All: Open a CMD window with Administrator privileges if one is
not opened and type 'd:\temp\modder.vbs' (less the outside quotes), and tap
the 'Enter' key.

Allow the script to automatically reboot the system! DO NOT INTERVENE!

The modder.vbs file performs several tasks:

Installs the Microsoft Visual C++ 2012/2013 runtimes
Installs 'Notepad2' to Windows\System32
Installs 'unzip' to Windows\System32
Installs 'tartool' to Windows\System32
Inserts the 'winids' hostname into the hosts file
Inserts 'IGMP and SCTP' into the protocol file for Snort rules
Sets the CYGWIN user environment variable to 'nodosfilewarning' to suppress
the CYGWIN warning message when starting Barnyard2
Sets 'Show File Extensions' on in the registry
Reboots the system
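
The hosts and protocol file edits in that list can be verified after the reboot instead of taken on trust. The Python script below is an added example, not the winsnort.com modder.vbs script: it assumes 'winids' is meant to resolve to 127.0.0.1 (the tutorial does not state the address) and uses the IANA protocol numbers 2 (IGMP) and 132 (SCTP). The sample file contents inside it are constructed for the demonstration; the '--apply' switch is this example's own and, run from an Administrator prompt, makes the same edits on the real files.

```python
"""Verify, and optionally make, the hosts/protocol edits that modder.vbs performs.

Added example (not the winsnort.com modder.vbs). Assumptions: 'winids'
should resolve to 127.0.0.1, and IGMP/SCTP use IANA numbers 2 and 132.
"""
import sys
from pathlib import Path

ETC = Path(r"C:\Windows\System32\drivers\etc")   # standard Windows location
HOSTS_ENTRY = ("127.0.0.1", "winids")            # assumed address for 'winids'
PROTOCOL_ENTRIES = [("igmp", 2, "IGMP"), ("sctp", 132, "SCTP")]

# Constructed sample files (not copied from a real system): a stale 'winids'
# mapping and a protocol file without IGMP/SCTP.
SAMPLE_HOSTS = "# constructed sample\n127.0.0.1 localhost\n10.0.0.5 winids   # stale\n"
SAMPLE_PROTOCOL = "# constructed sample\nip    0  IP   # Internet protocol\nicmp  1  ICMP\ntcp   6  TCP\nudp   17 UDP\n"


def _fields(line):
    """Whitespace-separated fields of a line, ignoring a trailing '# comment'."""
    return line.split("#", 1)[0].split()


def _host_ok(line, ip, name):
    """True when the line maps `name` (possibly as an alias) to `ip`."""
    f = _fields(line)
    return len(f) >= 2 and f[0] == ip and name.lower() in (x.lower() for x in f[1:])


def _protocol_numbers(text):
    """Set of protocol numbers already defined in a protocol file."""
    nums = set()
    for line in text.splitlines():
        f = _fields(line)
        if len(f) >= 2 and f[1].isdigit():
            nums.add(int(f[1]))
    return nums


def ensure_host(text, ip=HOSTS_ENTRY[0], name=HOSTS_ENTRY[1]):
    """Return hosts text mapping `name` to `ip` exactly once; other lines untouched.
    A mapping of `name` to a different address is dropped and duplicates collapse."""
    out, found = [], False
    for line in text.splitlines():
        f = _fields(line)
        if len(f) >= 2 and name.lower() in (x.lower() for x in f[1:]):
            if found or f[0] != ip:
                continue
            found = True
        out.append(line)
    if not found:
        out.append(f"{ip}\t{name}")
    return "\n".join(out) + "\n"


def ensure_protocols(text, entries=PROTOCOL_ENTRIES):
    """Return protocol-file text with each (name, number, alias) present once."""
    present = _protocol_numbers(text)
    missing = [e for e in entries if e[1] not in present]
    if not missing:
        return text
    lines = text.rstrip("\n").splitlines()
    lines += [f"{n:<8}{num:<6}{alias:<8}# added for Snort rules" for n, num, alias in missing]
    return "\n".join(lines) + "\n"


def check(hosts_text, protocol_text):
    """List what is still missing; an empty list means the edits are in place."""
    problems = []
    ip, name = HOSTS_ENTRY
    if not any(_host_ok(l, ip, name) for l in hosts_text.splitlines()):
        problems.append(f"hosts: '{name}' does not resolve to {ip}")
    nums = _protocol_numbers(protocol_text)
    problems += [f"protocol: {n} ({num}) missing" for n, num, _ in PROTOCOL_ENTRIES if num not in nums]
    return problems


if __name__ == "__main__":
    hosts, proto = ETC / "hosts", ETC / "protocol"
    if "--apply" in sys.argv:   # writing these files needs an Administrator prompt
        hosts.write_text(ensure_host(hosts.read_text()))
        proto.write_text(ensure_protocols(proto.read_text()))
    for problem in check(hosts.read_text(), proto.read_text()):
        print(problem)
```

Run without arguments it only reports; an empty report after the reboot confirms the two file edits modder.vbs claims to make are actually present, which matters because 'Listen winids:80' later in this tutorial depends on the hosts entry.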

After the reboot it is strongly advised that the Microsoft Baseline Security
Analyzer (MBSA) be used to identify and correct common security
misconfigurations. Each issue should be resolved prior to starting this
tutorial. Microsoft has since deprecated MBSA, so any current vulnerability
and configuration assessment tool serves the same purpose.

Installing the Windows Intrusion Detection System (WinIDS)

Installing Npcap

Open a CMD window with Administrator privileges and type
'd:\temp\npcap-0.9995.exe' (less the outside quotes), and tap the 'Enter'
key.

The 'License Agreement' window opens, left-click 'I Agree'.

The 'Installation Options' window opens, uncheck everything, and then
check 'Install Npcap in WinPcap API-compatible Mode', left-click 'Install'.
Snort 2.9 for Windows loads the WinPcap library (wpcap.dll), so without this
compatibility mode it will not find a capture driver.

The 'Installing' window opens, allow the install to complete.

The 'Installation Complete' window opens, left-click 'Next'.

The 'Finished' window opens, left-click 'Finish'.


Installing Snort, the Traffic Detection and Inspection Engine

At the CMD prompt type 'd:\temp\Snort_2_9_16_Installer.x64.exe' (less the
outside quotes), and tap the 'Enter' key.

The 'License Agreement' window opens, left-click 'I Agree'.

The 'Choose Components' window opens, left-click 'Next'.

The 'Choose Install Location' window opens, in the 'Destination Folder'
dialog box, type 'd:\winids\snort' (less the outside quotes), left-click 'Next'
allowing the install to complete.

The 'Snort has been successfully installed' window opens, left-click 'OK'.

Testing the Windows Intrusion Detection System (WinIDS) for network traffic

At the CMD prompt type 'd:\winids\snort\bin\snort -W' (less the outside
quotes), and tap the 'Enter' key.

The following is a partial example of what might be listed as valid Network
Interface Cards.

Index Physical Address IP Address
----- ---------------- ----------
1 00:0C:29:25:B4:96 0000:0000:fe80:0000:0000:000

There may be several Network Interface Cards listed, and it will be up to
the installer to determine the correct Network Interface Card (Index
number) that the Windows Intrusion Detection System (WinIDS) will be
monitoring on.

The switch for the Network Interface Card will always be '-ix' (less the
outside quotes), where 'x' is the 'Index' number of the Network Interface
Card that the Windows Intrusion Detection System (WinIDS) will monitor.

At the CMD prompt type 'd:\winids\snort\bin\snort -v -ix' (less the outside
quotes), and tap the 'Enter' key.

The above run line requires the 'Index' number of the monitoring Network
Interface Card in place of the 'x'. This starts Snort in verbose mode,
verifying there is network traffic on interface 'x'.

Open any web-browser and generate some traffic.

There should now be multiple packets passing through the CMD window,
and output similar to the following confirms that everything is ready to
proceed.

10/08-12:12:32.131826 10.0.0.29:1068 -> 65.55.121.241:80
TCP TTL:128 TOS:0x0 ID:1586 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x7430B82E Ack: 0x1850214F Win: 0xFAF0 TcpLen:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Note: If no traffic is passing through the CMD window, try another 'Index'
number.

Note: Traffic from the sensor's own browser only proves that the interface
is up. If the sensor is meant to watch other hosts, the monitoring interface
must sit on a switch SPAN/mirror port or a tap, and this test should be
repeated with traffic generated from another host so that it is seen here.

After verifying active network traffic, exit the web-browser, activate the CMD
window, and press CTRL+C to stop the Snort process.

Do not proceed until network traffic is being displayed in the CMD window.

Installing the Latest Rule Set

At the CMD prompt type 'tartool d:\temp\snortrules-snapshot-29160.tar.gz
d:\winids\snort' (less the outside quotes), and tap the 'Enter' key.

Installing Strawberry Perl

At the CMD prompt type 'd:\temp\strawberry-perl-5.30.2.1-64bit.msi' (less
the outside quotes), and tap the 'Enter' key.

The 'Welcome to the Setup Wizard for Strawberry Perl...' window opens,
left-click 'Next'.

The 'End-User License Agreement' window opens, check the 'I accept the
terms...' box, and left-click 'Next'.

The 'Destination Folder' window opens, in the 'Install Strawberry Perl to:'
dialog box type 'd:\winids\strawberry\' (less the outside quotes), and left-click
'Next'.

The 'Ready to install Strawberry Perl..' window opens, left-click 'Install'.

The 'Installing Strawberry Perl..' window opens, allow the install to complete,
and left-click 'Next'.

The 'Completed the Strawberry Perl...' window opens, uncheck the 'Read
README file.' box, and left-click 'Finish'.

At the CMD prompt type 'exit' (less the outside quotes), and tap the 'Enter'
key. A fresh CMD window is needed from here on so that the PATH entry
added by the Perl installer is picked up.

Installing the Apache2 Web-Server

Open a CMD window with Administrator privileges and type 'unzip -oqq
d:\temp\httpd-2.4.43-win64-VS16.zip -d d:\winids' (less the outside quotes),
and tap the 'Enter' key.

Installing the FastCGI ASF support module for Apache2

At the CMD prompt type 'unzip -joqq d:\temp\mod_fcgid-2.3.10-win64-VS16.zip
"mod_fcgid-2.3.10\*.so" -d d:\winids\Apache24\modules' (less the outside
quotes), and tap the 'Enter' key.

Installing BASE, the Windows Intrusion Detection System (WinIDS) Security
Console

At the CMD prompt type 'unzip -oqq d:\temp\base-1.4.5.zip -d
d:\winids\apache24\htdocs\base' (less the outside quotes), and tap the
'Enter' key.

Installing Barnyard2

At the CMD prompt type 'unzip -oqq d:\temp\barnyard2-x64-2.1.14-build337.zip
-d d:\winids\barnyard2' (less the outside quotes), and tap the 'Enter' key.

Installing the MySQL Database Server

At the CMD prompt type 'd:\temp\mysql-installer-community-8.0.21.0.msi'
(less the outside quotes), and tap the 'Enter' key.

The MySQL installer 'Choosing a Setup Type' window opens. Left-click
selecting the 'Custom' radio button, and left-click 'Next'.

The MySQL installer 'Select Products and Features' window opens. Under
'Available Products:' left-click expanding 'MySQL Servers', left-click
expanding 'MySQL Server', left-click expanding 'MySQL Server 8.0', left-click
highlighting 'MySQL Server 8.0.xx - X64', left-click the green arrow pointing
to the right moving 'MySQL Server 8.0.xx - X64' to the 'Products/Features
To Be Installed:' section. Under 'Products/Features To Be Installed:' left-click
highlighting 'MySQL Server 8.0.xx - X64'. Just above the 'Cancel' button
left-click 'Advanced Options', and the 'Advanced Options for MySQL Server
8.0.xx' window opens. In the 'Install Directory:' dialog box type
'd:\winids\mysql' (less the outside quotes). In the 'Data Directory:' dialog box
type 'd:\winids\mysql' (less the outside quotes), left-click 'OK', and left-click
'Next'.

The MySQL installer 'Installation' window opens. Left-click 'Execute' allowing
the MySQL install to reach 'Complete', and left-click 'Next'.

The MySQL installer 'Product Configuration' window opens, left-click 'Next'.

The MySQL installer 'High Availability' window opens. Verify the radio button
to the left of 'Standalone MySQL Server / Classic MySQL Replication' is
selected, and left-click 'Next'.

The MySQL installer 'Type and Networking' window opens. Under 'Server
Configuration Type' left-click the 'Config Type:' drop-down, left-click
selecting 'Server Computer', and left-click 'Next'.

The MySQL installer 'Authentication Method' window opens. To the left of
'Use Legacy Authentication Method...' left-click selecting the radio button,
and left-click 'Next'. The legacy method (mysql_native_password) is needed
because the php_mysql extension in PHP 5.6, which BASE uses, cannot
authenticate with MySQL 8's default caching_sha2_password.

The MySQL installer 'Accounts and Roles' window opens. In the 'MySQL
Root Password:' dialog box type 'd1ngd0ng' (less the outside quotes). In the
'Repeat Password:' dialog box type 'd1ngd0ng' (less the outside quotes),
and left-click 'Next'. This password is printed in a public tutorial; on any
sensor that is not an isolated lab box choose a unique password here and
substitute it wherever 'd1ngd0ng' appears in the remaining steps.

The MySQL installer 'Windows Service' window opens. In the 'Windows
Service Name:' dialog box type 'MySQL' (less the outside quotes), and
left-click 'Next'.

The MySQL installer 'Apply Configuration' window opens. Left-click
'Execute' allowing the configuration for MySQL Server to succeed, and
left-click 'Finish'.

The MySQL installer 'Product Configuration' window opens. Left-click 'Next'.

The MySQL installer 'Installation Complete' window opens. Left-click 'Finish'
to complete the MySQL Database installation.

At the CMD prompt type 'copy d:\winids\mysql\lib\libmysql.dll
c:\windows\system32' (less the outside quotes), and tap the 'Enter' key.

Should display '1 file(s) copied.', and return to the command prompt.

Installing ADODB

At the CMD prompt type 'unzip -oqq d:\temp\adodb-5.20.17.zip -d d:\winids'
(less the outside quotes), and tap the 'Enter' key.

Installing PHP

At the CMD prompt type 'unzip -oqq d:\temp\php-5.6.40-Win32-VC11-x64.zip
-d d:\winids\php' (less the outside quotes), and tap the 'Enter' key.

Note: PHP 5.6 reached end of life in December 2018 and no longer receives
security fixes. It is used here because BASE is written against the
php_mysql extension enabled below, which was removed in PHP 7. Keep the
console reachable only from the sensor itself or a trusted administrative
network.

Updating the 'sid-msg.map' file

At the CMD prompt type 'unzip -oqq d:\temp\activators.zip -d
d:\winids\activators' (less the outside quotes), and tap the 'Enter' key.

At the CMD prompt type 'unzip -oqq d:\temp\create-sidmap.zip -d
d:\winids\create-sidmap' (less the outside quotes), and tap the 'Enter' key.

The 'sid-msg.map' file maps a rule's 'msg' alert name to the sid number
assigned to that rule.

This comes into play when Snort's output is in unified2 format and that
output is read by Barnyard2 for input into the database.

Since the rule msg is not stored in the unified2 file format, Barnyard2 must
read the sid-msg.map file to correctly record the names of the events in the
database when an alert is associated with a sid.

Without the 'sid-msg.map' being read by Barnyard2, the events in the
database will show up only as gid:sid (1:2133 for example). Likewise,
updating the rules without regenerating the 'sid-msg.map' will show events
from all new rules as gid:sid only, so regenerate the map every time the
rule set changes.

At the CMD prompt type 'perl d:\winids\create-sidmap\create-sidmap.pl
d:\winids\snort\rules\ > d:\winids\snort\etc\sid-msg.map' (less the outside
quotes), and tap the 'Enter' key.
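
What create-sidmap.pl produces can be seen in the following Python version, an added example that is not the winsnort.com script. It reads Snort 2.9 rule text, skips rules that are commented out, defaults the gid to 1 when a rule does not carry one, and writes Barnyard2's sid-msg.map v2 layout (gid || sid || rev || classtype || priority || msg || references). The three rules embedded in it are constructed for the demonstration; given a rules directory and an output path on the command line it builds the map from every *.rules file there.

```python
"""Build a Barnyard2 sid-msg.map (v2 layout) from Snort 2.9 rule files.

Added example, not the winsnort.com create-sidmap.pl script. The v2 layout
Barnyard2 reads is:
    #v2
    gid || sid || rev || classtype || priority || msg || ref || ref ...
Rules that are commented out must be left out of the map, and rules without
an explicit gid belong to gid 1.
"""
import re
import sys
from pathlib import Path

# Constructed sample rules (not from a real rule set): one disabled rule,
# one ordinary text rule spread over continuation lines, and one
# preprocessor rule that carries its own gid.
SAMPLE_RULES = r'''
# alert tcp any any -> any 80 (msg:"DISABLED RULE"; sid:900001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE SSH brute force"; \
    flow:to_server; threshold:type both,track by_src,count 5,seconds 60; \
    reference:cve,2020-0001; reference:url,example.test/ssh; \
    classtype:attempted-admin; sid:900002; rev:3;)
alert ( msg:"SAMPLE HTTP_INSPECT long header"; sid:8; gid:120; rev:2; classtype:protocol-command-decode; )
'''

MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')
CLASS_RE = re.compile(r'\bclasstype\s*:\s*([^;]+?)\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+?)\s*;')


def _num(name, rule, default):
    """Integer value of a numeric option such as sid:900002; or `default`."""
    m = re.search(rf'\b{name}\s*:\s*(\d+)\s*;', rule)
    return int(m.group(1)) if m else default


def parse_rules(text):
    """Yield one dict per active rule that has both a sid and a msg."""
    text = re.sub(r'\\\r?\n', ' ', text)          # join backslash-continued lines
    for raw in text.splitlines():
        rule = raw.strip()
        if not rule or rule.startswith('#'):
            continue                               # disabled rule: not in the map
        msg = MSG_RE.search(rule)
        sid = _num('sid', rule, None)
        if msg is None or sid is None:
            continue
        cls = CLASS_RE.search(rule)
        yield {
            'gid': _num('gid', rule, 1),
            'sid': sid,
            'rev': _num('rev', rule, 0),
            'classtype': cls.group(1) if cls else 'NOCLASS',
            'priority': _num('priority', rule, 0),
            'msg': msg.group(1),
            'refs': REF_RE.findall(rule),
        }


def build_sid_msg_map(text):
    """Render the v2 map, sorted by (gid, sid) so successive maps diff cleanly."""
    rows = sorted(parse_rules(text), key=lambda r: (r['gid'], r['sid']))
    lines = ['#v2']
    for r in rows:
        fields = [r['gid'], r['sid'], r['rev'], r['classtype'], r['priority'], r['msg'], *r['refs']]
        lines.append(' || '.join(str(f) for f in fields))
    return '\n'.join(lines) + '\n'


def build_from_directory(rules_dir):
    """Concatenate every *.rules file under rules_dir and build the map."""
    files = sorted(Path(rules_dir).glob('*.rules'))
    return build_sid_msg_map('\n'.join(p.read_text(encoding='utf-8', errors='replace') for p in files))


if __name__ == '__main__':
    if len(sys.argv) == 3:    # e.g. d:\winids\snort\rules d:\winids\snort\etc\sid-msg.map
        Path(sys.argv[2]).write_text(build_from_directory(sys.argv[1]), encoding='utf-8')
    else:
        print(build_sid_msg_map(SAMPLE_RULES), end='')
```

Run with no arguments it prints the map for the three sample rules: the disabled rule is absent, the text rule appears under gid 1 with its two references, and the preprocessor rule keeps gid 120. A rule that is disabled in the rules files but left in an old map would make Barnyard2 label events that can no longer fire, which is why the map is rebuilt from the current rules rather than appended to.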

Configuring Snort, the Heart of the Windows Intrusion Detection System
(WinIDS)

At the CMD prompt type 'type NUL > d:\winids\snort\rules\white_list.rules'
(less the outside quotes), and tap the 'Enter' key.

At the CMD prompt type 'type NUL > d:\winids\snort\rules\black_list.rules'
(less the outside quotes), and tap the 'Enter' key.

These two empty files satisfy the reputation preprocessor, which expects
both lists to exist even when they contain no addresses.

At the CMD prompt type 'notepad2 d:\winids\snort\etc\snort.conf' (less the
outside quotes), and tap the 'Enter' key.

Use the Find option in Notepad2 to locate and change the variables below.

Original Line(s): ipvar HOME_NET any
Change to: ipvar HOME_NET 192.168.1.0/24

In the above HOME_NET example (192.168.1.0/24), using a CIDR of 24 the
Windows Intrusion Detection System (WinIDS) will treat addresses
192.168.1.1 - 192.168.1.254 as the internal network. It is important to
specify the correct internal IP segment of the network that needs
monitoring, and to set the correct CIDR: most rules match on $HOME_NET as
the destination, so with the wrong value those rules never fire for the
hosts actually being protected, and leaving it as 'any' makes every address
internal.

Original Line(s): var RULE_PATH ../rules
Change to: var RULE_PATH d:\winids\snort\rules

Original Line(s): var SO_RULE_PATH ../so_rules
Change to: # var SO_RULE_PATH ../so_rules

Original Line(s): var PREPROC_RULE_PATH ../preproc_rules
Change to: var PREPROC_RULE_PATH d:\winids\snort\preproc_rules

Original Line(s): var WHITE_LIST_PATH ../rules
Change to: var WHITE_LIST_PATH d:\winids\snort\rules

Original Line(s): var BLACK_LIST_PATH ../rules
Change to: var BLACK_LIST_PATH d:\winids\snort\rules

Original Line(s): dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
Change to: dynamicpreprocessor directory d:\winids\snort\lib\snort_dynamicpreprocessor

Original Line(s): dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
Change to: dynamicengine d:\winids\snort\lib\snort_dynamicengine\sf_engine.dll

Original Line(s): decompress_swf { deflate lzma } \
Change to: decompress_swf { deflate } \

Original Line(s): # preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low }
Change to: preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile { portscan.log }

Original Line(s): # output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
Change to: output unified2: filename merged.log, limit 128

Original Line(s):
# include $PREPROC_RULE_PATH/preprocessor.rules
# include $PREPROC_RULE_PATH/decoder.rules
# include $PREPROC_RULE_PATH/sensitive-data.rules
Change to:
include $PREPROC_RULE_PATH/preprocessor.rules
include $PREPROC_RULE_PATH/decoder.rules
include $PREPROC_RULE_PATH/sensitive-data.rules

Save the file, and exit Notepad2.
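
The edits above can be applied and checked mechanically before running the self-test. The Python below is an added example, not part of the tutorial: it applies exactly the substitutions listed above (the d:\winids\snort base path and the HOME_NET value are parameters, defaulting to the tutorial's values) and then lints the result for the leftovers that make the Windows self-test fail. The snort.conf excerpt inside it is a constructed sample of the stock lines the tutorial touches, not the full file; the lint checks are this example's own heuristics.

```python
"""Apply the tutorial's snort.conf edits and lint the result before 'snort -T'.

Added example, not part of the winsnort.com tutorial. EDITS are the
substitutions listed above; LINT holds this example's own checks for the
leftovers that break the Windows build (Unix library paths, relative ../
paths, HOME_NET still 'any', lzma still enabled, unified2 output still off).
"""
import re
import sys
from pathlib import Path

# (pattern matched against one line, replacement). Replacements are inserted
# literally, so the backslashes in Windows paths survive; {base} and
# {home_net} are filled in by apply_edits.
EDITS = [
    (r'^ipvar HOME_NET any\s*$', 'ipvar HOME_NET {home_net}'),
    (r'^var RULE_PATH \.\./rules\s*$', r'var RULE_PATH {base}\rules'),
    (r'^var SO_RULE_PATH \.\./so_rules\s*$', '# var SO_RULE_PATH ../so_rules'),
    (r'^var PREPROC_RULE_PATH \.\./preproc_rules\s*$', r'var PREPROC_RULE_PATH {base}\preproc_rules'),
    (r'^var WHITE_LIST_PATH \.\./rules\s*$', r'var WHITE_LIST_PATH {base}\rules'),
    (r'^var BLACK_LIST_PATH \.\./rules\s*$', r'var BLACK_LIST_PATH {base}\rules'),
    (r'^dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/?\s*$',
     r'dynamicpreprocessor directory {base}\lib\snort_dynamicpreprocessor'),
    (r'^dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine\.so\s*$',
     r'dynamicengine {base}\lib\snort_dynamicengine\sf_engine.dll'),
    (r'decompress_swf \{ deflate lzma \}', 'decompress_swf { deflate }'),
    (r'^# preprocessor sfportscan: proto \{ all \} memcap \{ 10000000 \} sense_level \{ low \}\s*$',
     'preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile { portscan.log }'),
    (r'^# output unified2: filename merged\.log, limit 128, nostamp, mpls_event_types, vlan_event_types\s*$',
     'output unified2: filename merged.log, limit 128'),
    (r'^# include \$PREPROC_RULE_PATH/preprocessor\.rules\s*$', 'include $PREPROC_RULE_PATH/preprocessor.rules'),
    (r'^# include \$PREPROC_RULE_PATH/decoder\.rules\s*$', 'include $PREPROC_RULE_PATH/decoder.rules'),
    (r'^# include \$PREPROC_RULE_PATH/sensitive-data\.rules\s*$', 'include $PREPROC_RULE_PATH/sensitive-data.rules'),
]

# (multi-line pattern, whether a match is required, message when the check fails)
LINT = [
    (r'^ipvar HOME_NET any\s*$', False, "HOME_NET is still 'any': every address counts as internal"),
    (r'^(?!#).*/usr/local/lib/', False, "Unix library path left in dynamicpreprocessor/dynamicengine"),
    (r'^var \w+ \.\./', False, "relative ../ path left in a var line"),
    (r'^var SO_RULE_PATH', False, "SO_RULE_PATH still active; the tutorial comments it out"),
    (r'decompress_swf \{[^}]*\blzma\b', False, "lzma still listed in decompress_swf"),
    (r'^output unified2:', True, "no active 'output unified2' line: Barnyard2 will have nothing to read"),
    (r'^include \$PREPROC_RULE_PATH/preprocessor\.rules', True, "preprocessor.rules not included"),
]

# Constructed excerpt of the stock snort.conf lines the tutorial touches.
DEFAULT_CONF = """\
ipvar HOME_NET any
ipvar EXTERNAL_NET any
var RULE_PATH ../rules
var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH ../preproc_rules
var WHITE_LIST_PATH ../rules
var BLACK_LIST_PATH ../rules
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
preprocessor http_inspect_server: server default \\
    decompress_swf { deflate lzma } \\
    decompress_pdf { deflate } \\
# preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low }
# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
include $RULE_PATH/local.rules
# include $PREPROC_RULE_PATH/preprocessor.rules
# include $PREPROC_RULE_PATH/decoder.rules
# include $PREPROC_RULE_PATH/sensitive-data.rules
"""


def apply_edits(conf_text, base=r'd:\winids\snort', home_net='192.168.1.0/24'):
    """Return conf_text with the first matching EDITS substitution applied per line."""
    out = []
    for line in conf_text.splitlines():
        for pattern, repl in EDITS:
            filled = repl.replace('{base}', base).replace('{home_net}', home_net)
            new = re.sub(pattern, lambda _m: filled, line)   # callable: no escape processing
            if new != line:
                line = new
                break
        out.append(line)
    return '\n'.join(out) + '\n'


def lint(conf_text):
    """Messages for every LINT check that fails; empty means ready for snort -T."""
    return [msg for pattern, required, msg in LINT
            if bool(re.search(pattern, conf_text, re.M)) != required]


if __name__ == '__main__':
    path = Path(sys.argv[1]) if len(sys.argv) > 1 else None   # e.g. d:\winids\snort\etc\snort.conf
    text = path.read_text() if path else DEFAULT_CONF
    fixed = apply_edits(text)
    if path:
        path.write_text(fixed)
    for problem in lint(fixed):
        print('WARNING:', problem)
```

The lint is deliberately separate from the edits: it also catches a configuration that was edited by hand and missed a line, and a second run over an already edited file changes nothing. Pass a real HOME_NET for the sensor's segment rather than the 192.168.1.0/24 placeholder.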

Testing the Snort configuration file

At the CMD prompt type 'd:\winids\snort\bin\snort -W' (less the outside
quotes), and tap the 'Enter' key.

The following is a partial example of what might be listed as valid Network
Interface Cards.

Index Physical Address IP Address
----- ---------------- ----------
1 00:0C:29:25:B4:96 0000:0000:fe80:0000:0000:000

There may be several Network Interface Cards listed, and it will be up to
the installer to determine the correct Network Interface Card (Index
number) that the Windows Intrusion Detection System (WinIDS) will be
monitoring on; this is the same index identified in the traffic test above.

The switch for the Network Interface Card will always be '-ix' (less the
outside quotes), where 'x' is the 'Index' number of the monitoring Network
Interface Card.

At the CMD prompt type 'd:\winids\snort\bin\snort -c
d:\winids\snort\etc\snort.conf -l d:\winids\snort\log -ix -T' (less the outside
quotes), and tap the 'Enter' key.

The above run line requires the 'Index' number of the monitoring Network
Interface Card in place of the 'x'.

This starts Snort in self-test mode (-T) for configuration and rule file
testing, and depending on the resources available it could take several
minutes to run.

If all the tests pass, the following confirms that the Snort configuration
file and rules have tested good.

Snort successfully validated the configuration!
Snort exiting

Do not proceed until 'Snort successfully validated the configuration!'

Configuring PHP

At the CMD prompt type 'copy d:\winids\php\php.ini-production
d:\winids\php\php.ini' (less the outside quotes), and tap the 'Enter' key.

Should display '1 file(s) copied.', and return to the CMD prompt.

At the CMD prompt type 'notepad2 d:\winids\php\php.ini' (less the outside
quotes), and tap the 'Enter' key.

Use the Find option in Notepad2 to locate and change the variables below.

Original Line(s): max_execution_time = 30
Change to: max_execution_time = 60

Original Line(s): error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
Change to: ; error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT

Original Line(s): ;include_path = ".;c:\php\includes"
Change to: include_path = "d:\winids\php;d:\winids\php\pear"

Original Line(s): ; extension_dir = "ext"
Change to: extension_dir = "d:\winids\php\ext"

Original Line(s): ;extension=php_gd2.dll
Change to: extension=php_gd2.dll

Original Line(s): ;extension=php_mysql.dll
Change to: extension=php_mysql.dll

Original Line(s): ;date.timezone =
Change to: date.timezone = America/New_York

In the above date.timezone setting, America/New_York is only the default.
Inserting the correct timezone for where the Windows Intrusion Detection
System will be located is essential, otherwise event times shown in the
console will be offset from the sensor's clock. Check the PHP website for
the List of Supported Timezones.

Original Line(s): ;session.save_path = "/tmp"
Change to: session.save_path = "c:\windows\temp"

Save the file, and exit Not
epad2.

Configuring the Apache2 Web-Server

At the CMD prompt type 'notepad2 d:\winids\apache24\conf\httpd.conf' (less the outside quotes), and tap the 'Enter' key.

Use the Find option in Notepad2 to locate and change the variables below.

Original Line(s): Define SRVROOT "c:/Apache24"
Change to: Define SRVROOT "d:\winids\apache24"

Original Line(s): Listen 80
Change to: Listen winids:80

Binding the listener to the name 'winids' instead of to every address keeps Apache off the network interfaces as long as 'winids' resolves to 127.0.0.1. If the name resolves to the address of a network card, the console is reachable from every host on that network.

Just below the line '#LoadModule xml2enc_module modules/mod_xml2enc.so', add the next line.

LoadModule fcgid_module modules/mod_fcgid.so

Original Line(s): #ServerName www.example.com:80
Change to: ServerName winids:80

Original Line(s): DocumentRoot "${SRVROOT}/htdocs"
Change to: DocumentRoot "${SRVROOT}\htdocs\base"

Original Line(s): <Directory "${SRVROOT}/htdocs">
Change to: <Directory "${SRVROOT}\htdocs\base">

Original Line(s): Options Indexes FollowSymLinks
Change to: Options -Indexes

Removing 'Indexes' stops Apache from generating a directory listing of the BASE tree (for example the sql and signatures folders) wherever no index file is present.

Original Line(s): DirectoryIndex index.html
Change to: DirectoryIndex base_main.php

Scroll all the way to the bottom of the file and insert the following block. Each directive appears once; when a directive is repeated in httpd.conf, Apache keeps the last value it reads.

<IfModule fcgid_module>
# Environment handed to every php-cgi.exe process that mod_fcgid spawns
FcgidInitialEnv PHPRC "d:\winids\php"
FcgidInitialEnv PATH "d:\winids\php;c:\Windows\system3
FcgidInitialEnv SystemRoot "c:\Windows"
FcgidInitialEnv SystemDrive "c:"
FcgidInitialEnv TEMP "c:\Windows\Temp"
FcgidInitialEnv TMP "c:\Windows\Temp"
FcgidInitialEnv windir "c:\Windows"
# Process pool and timeouts
FcgidConnectTimeout 10
FcgidIOTimeout 120
FcgidOutputBufferSize 64
FcgidProcessLifeTime 0
FcgidMaxRequestsPerProcess 0
FcgidMinProcessesPerClass 0
FcgidMaxProcesses 50
FcgidFixPathinfo 0
FcgidZombieScanInterval 20
# 512 MB upper bound on the size of a request body passed to PHP
FcgidMaxRequestLen 536870912

# Hand every .php file to php-cgi.exe through mod_fcgid
<Files ~ "\.php$">
Options +ExecCGI
AddHandler fcgid-script .php
FcgidWrapper "d:/winids/php/php-cgi.exe" .php
</Files>
</IfModule>

Save the file, and eXit Notepad2.

Adding Apache2 to the Windows Services Database

At the CMD prompt type 'd:\winids\apache24\bin\httpd.exe -k install' (less the outside quotes), and tap the 'Enter' key.

The Windows Security Alert dialog box may appear requesting permission to allow the 'Apache HTTP Server' to communicate with the private internal network; left-click 'Allow access'. With the listener bound to 'winids:80' and that name resolving to 127.0.0.1, the firewall exception is not needed for the console to work, but it does no harm as long as the listener stays on the loopback address.

You should see the following as a confirmation that the Apache service has been successfully installed, and the Apache configuration file has been tested.

Installing the Apache2.4 service
The Apache2.4 service is successfully installed.
Testing httpd.conf....
Errors reported here must be corrected before the service ca

Do not proceed until the Apache2.4 service has been successfully installed, and all errors reported above have been corrected.

At the CMD prompt type 'net start apache2.4' (less the outside quotes), and tap the 'Enter' key.

Testing Apache2, and the PHP installation

At the CMD prompt type 'copy d:\temp\test_php.php d:\winids\apache24\htdocs\base' (less the outside quotes), and tap the 'Enter' key.

Should display '1 file(s) copied.', and return to the CMD prompt.

Open a web-browser and type 'http://winids/test_php.php' (less the outside quotes) into the URL Address box, and tap the 'Enter' key.

Note: There is a possibility Edge may require additional privileges to open the page; use Internet Explorer if this happens.

Several sections of information concerning the status and install of PHP should be displayed.

In the first section of information make SURE that the item labeled 'Loaded Configuration File' is pointing to 'd:\winids\php\php.ini' (less the outside quotes).

In the section labeled 'Configuration - PHP Core' (less the outside quotes) make SURE that the item labeled 'extension_dir' is pointing to 'd:\winids\php\ext' (less the outside quotes) in both the 'Local Value' and the 'Master Value' columns.

In the section labeled 'Configuration - PHP Core' (less the outside quotes) make SURE that the item labeled 'include_path' is pointing to 'd:\winids\php;d:\winids\php\pear' (less the outside quotes) in both the 'Local Value' and the 'Master Value' columns.

In the section labeled 'session' (less the outside quotes) make SURE that the item labeled 'session.save_path' is pointing to 'c:\windows\temp' (less the outside quotes) in both the 'Local Value' and the 'Master Value' columns.

Do not proceed until all the above paths are correct!

eXit the web-browser.

At the CMD prompt type 'del d:\winids\apache24\htdocs\base\test_php.php' (less the outside quotes), and tap the 'Enter' key. A phpinfo() page reveals paths, versions and loaded modules, so it must not stay on the server.
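The four checks above can be automated. The following PowerShell script is an added example and is not part of the original tutorial: it fetches the test page, pulls the four settings out of the phpinfo() HTML, compares them with the values set in php.ini above, and deletes test_php.php only once they all match. It assumes that test_php.php is a plain phpinfo() page and that http://winids answers from the host it runs on; the function and variable names are this example's own.

```powershell
# Added example, not part of the WinIDS tutorial. Assumes test_php.php calls
# phpinfo() and that http://winids is reachable from this host.
$TestUrl  = 'http://winids/test_php.php'
$TestFile = 'd:\winids\apache24\htdocs\base\test_php.php'

# Setting name as printed by phpinfo()  ->  value php.ini should produce
$Expected = [ordered]@{
    'Loaded Configuration File' = 'd:\winids\php\php.ini'
    'extension_dir'             = 'd:\winids\php\ext'
    'include_path'              = 'd:\winids\php;d:\winids\php\pear'
    'session.save_path'         = 'c:\windows\temp'
}

function Get-PhpInfoValues {
    # Returns every value cell of the phpinfo() row named $Name: one cell for
    # rows in the summary table, two (Local Value, Master Value) for ini rows.
    param([string]$Html, [string]$Name)
    $row = '<td class="e">\s*' + [regex]::Escape($Name) + '\s*</td>((?:\s*<td class="v">.*?</td>)+)'
    $m = [regex]::Match($Html, $row, 'IgnoreCase, Singleline')
    if (-not $m.Success) { return @() }
    foreach ($cell in [regex]::Matches($m.Groups[1].Value, '<td class="v">(.*?)</td>', 'Singleline')) {
        $cell.Groups[1].Value.Trim()
    }
}

$html   = (Invoke-WebRequest -Uri $TestUrl -UseBasicParsing).Content
$failed = @()
foreach ($name in $Expected.Keys) {
    $values = @(Get-PhpInfoValues -Html $html -Name $name)
    # Both the Local and the Master column must match (string comparison in
    # PowerShell is case-insensitive); a difference between the two columns
    # means a runtime override or a php.ini other than the one intended.
    $bad = @($values | Where-Object { $_ -ne $Expected[$name] })
    if ($values.Count -eq 0 -or $bad.Count -gt 0) {
        $failed += $name
        Write-Warning ("{0}: expected '{1}', page shows '{2}'" -f $name, $Expected[$name], ($values -join ' / '))
    } else {
        Write-Host ("{0}: OK ({1})" -f $name, $values[0])
    }
}

if ($failed.Count -eq 0) {
    Remove-Item -Path $TestFile        # never leave a phpinfo() page on the server
    Write-Host 'All PHP paths are correct; test_php.php removed.'
} else {
    Write-Warning "Fix php.ini for: $($failed -join ', ') and re-run; test_php.php left in place."
}
```

Run it from an elevated PowerShell window after 'net start apache2.4'; a warning names the setting that is wrong and the value the page actually shows, which is usually enough to spot which php.ini Apache loaded.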

Adding Snort to the Windows Services Database

At the CMD prompt type 'cd /d d:\winids\snort\bin' (less the outside quotes), and tap the 'Enter' key.

At the CMD prompt type 'd:\winids\snort\bin\snort -W' (less the outside quotes), and tap the 'Enter' key.

The following is a partial example of what might be listed as valid Network Interface Cards.

Index Physical Address IP Address
----- ---------------- ----------
1 00:0C:29:25:B4:96 0000:0000:fe80:0000:0000:000

There may be several Network Interface Cards listed, and it will be up to the installer to determine the correct Network Interface Card (Index number) that the Windows Intrusion Detection System (WinIDS) will be monitoring.

The switch for the Network Interface Card will always be '-ix' (less the outside quotes), and the 'x' (less the outside quotes) will always represent the 'Index' number of the Network Interface Card that the Windows Intrusion Detection System (WinIDS) will be monitoring.

At the CMD prompt type 'snort /SERVICE /INSTALL -c d:\winids\snort\etc\snort.conf -l d:\winids\snort\log -ix' (less the outside quotes), and tap the 'Enter' key.

The above run line requires the 'Index' number of the monitoring Network Interface Card in place of the 'x'.

This will install Snort into the Windows Services Database.

The following is a confirmation that the Snort service was successfully added to the Windows Services Database.

[SNORT_SERVICE] Attempting to install the Snort service.
[SNORT_SERVICE] The full path to the Snort binary appears t
D:\winids\snort\bin\snort /SERVICE
[SNORT_SERVICE] Successfully added registry keys to:
\HKEY_LOCAL_MACHINE\SOFTWARE\Snort\
[SNORT_SERVICE] Successfully added the Snort service to the

Do not proceed until the Snort service has been successfully added to the Windows Services Database.

At the CMD prompt type 'sc config snortsvc start= auto' (less the outside quotes; the space after 'start=' is required by sc), and tap the 'Enter' key.

The following is a confirmation that the Snort service has been set to start automatically.

[SC] ChangeServiceConfig SUCCESS

Do not proceed until the Snort service has been SUCCESSfully set to auto-start.

Configuring the MySQL Database Server

Open a CMD window and type 'notepad2 d:\winids\mysql\my.ini' (less the outside quotes), and tap the 'Enter' key.

Use the Find option to locate the line '[mysqld]' (less the outside quotes), and just below it add the next two lines.

character-set-server=utf8
bind-address=127.0.0.1

With bind-address=127.0.0.1 the database server accepts TCP connections only on the loopback interface, so nothing on the network can reach it directly. Barnyard2 and BASE are configured later in this tutorial to connect to host=winids, so the name 'winids' must resolve to 127.0.0.1 (for example through an entry in the hosts file) or those connections will be refused.

Save the file, and eXit Notepad2.

Creating the Windows Intrusion Detection System Databases

At the CMD prompt type 'mysql -u root -pd1ngd0ng' (less the outside quotes), and tap the 'Enter' key. Note that a password given after '-p' on the command line is visible in the process list and in the console history; 'mysql -u root -p' alone prompts for it instead.

You will be dropped into the MySQL administration console CMD prompt.

At the mysql CMD prompt type 'create database snort;' (less the outside quotes), and tap the 'Enter' key.

It will display 'Query OK...' and drop back to the mysql prompt.

At the mysql CMD prompt type 'create database archive;' (less the outside quotes), and tap the 'Enter' key.

It will display 'Query OK...' and drop back to the mysql prompt.

At the mysql CMD prompt type 'show databases;' (less the outside quotes), and tap the 'Enter' key.

There should be several databases listed, including 'information_schema', 'archive', 'mysql', and 'snort'.

Creating the Windows Intrusion Detection System Database Tables

At the mysql CMD prompt type 'connect snort;' (less the outside quotes), and tap the 'Enter' key.

It will display 'Current database: snort' and drop back to the mysql prompt.

At the mysql CMD prompt type 'source d:\winids\barnyard2\schemas\create_mysql' (less the outside quotes), and tap the 'Enter' key.

It will display multiple 'Query OK, 1 rows affected (0.0? sec)' entries and drop back to the mysql prompt.

At the mysql CMD prompt type 'source d:\winids\apache24\htdocs\base\sql\create_base_tbls_mysql.sql' (less the outside quotes), and tap the 'Enter' key.

The last entry to the screen should show 'Records: 4 Duplicates: 0 Warnings: 0' (less the outside quotes), and drop back to the mysql prompt.

At the mysql CMD prompt type 'show tables;' (less the outside quotes), and tap the 'Enter' key.

The last entry to the screen should show '22 rows in set (0.00 sec)' (less the outside quotes), and drop back to the mysql prompt.

At the mysql CMD prompt type 'connect archive;' (less the outside quotes), and tap the 'Enter' key.

It will display 'Current database: archive' and drop back to the mysql prompt.

At the mysql CMD prompt type 'source d:\winids\barnyard2\schemas\create_mysql' (less the outside quotes), and tap the 'Enter' key.

It will display multiple 'Query OK, 1 rows affected (0.0? sec)' entries and drop back to the mysql prompt.

At the mysql CMD prompt type 'source d:\winids\apache24\htdocs\base\sql\create_base_tbls_mysql.sql' (less the outside quotes), and tap the 'Enter' key.

The last entry to the screen should show 'Records: 4 Duplicates: 0 Warnings: 0' (less the outside quotes), and drop back to the mysql prompt.

At the mysql CMD prompt type 'show tables;' (less the outside quotes), and tap the 'Enter' key.

The last entry to the screen should show '22 rows in set (0.00 sec)' (less the outside quotes), and drop back to the mysql prompt.

Creating the Windows Intrusion Detection System Database Access, and Authenticated Users

At the mysql CMD prompt type 'CREATE USER 'snort' IDENTIFIED BY 'l0gg3r';' (less the outside quotes), and tap the 'Enter' key.

It will display 'Query OK' and drop back to the mysql prompt.

At the mysql CMD prompt type 'GRANT INSERT,SELECT,UPDATE ON snort.* TO 'snort';' (less the outside quotes), and tap the 'Enter' key.

It will display 'Query OK' and drop back to the mysql prompt.

This is all Barnyard2 needs: it inserts events and updates its sensor row, and never deletes or creates tables.

At the mysql CMD prompt type 'CREATE USER 'base' IDENTIFIED BY 'an@l1st';' (less the outside quotes), and tap the 'Enter' key.

It will display 'Query OK' and drop back to the mysql prompt.

At the mysql CMD prompt type 'GRANT INSERT,SELECT,UPDATE,DELETE,CREATE ON snort.* TO 'base';' (less the outside quotes), and tap the 'Enter' key.

It will display 'Query OK' and drop back to the mysql prompt.

At the mysql CMD prompt type 'GRANT INSERT,SELECT,UPDATE,DELETE,CREATE ON archive.* TO 'base';' (less the outside quotes), and tap the 'Enter' key.

It will display 'Query OK' and drop back to the mysql prompt.

Note: a CREATE USER with no host part creates the account as 'snort'@'%' (and 'base'@'%'), that is, usable from any host. Because the server only listens on 127.0.0.1 these accounts cannot be reached from the network, but creating them as 'snort'@'localhost' and 'base'@'localhost' would limit them to the sensor itself even if bind-address is ever relaxed.

At the mysql CMD prompt type 'use mysql;' (less the outside quotes), and tap the 'Enter' key.

At the mysql CMD prompt type 'select user from user;' (less the outside quotes), and tap the 'Enter' key.

There should be several users listed, including 'base' and 'snort'.

At the mysql CMD prompt type 'quit;' (less the outside quotes), and tap the 'Enter' key.
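The whole database section above, from 'create database snort' to the final 'select user from user', can be driven by one script. The following PowerShell script is an added example and is not part of the original tutorial. It assumes that 'mysql' is on the PATH (as the tutorial's own 'mysql -u root ...' command does), a MySQL server of version 5.7 or later (for CREATE USER IF NOT EXISTS), a fresh server on which the two schema files have not been loaded yet (the CREATE TABLE statements inside them are not idempotent), and passwords that contain no single-quote character. Two things differ from the manual steps: the passwords are prompted for instead of being typed after '-p', and the two accounts are created as 'snort'@'localhost' and 'base'@'localhost' rather than 'snort'@'%'. The function names and variable names are this example's own.

```powershell
# Added example, not part of the WinIDS tutorial. Assumes the mysql client is
# on the PATH, MySQL 5.7 or later, and the two schema files where the
# tutorial placed them.
$SnortSchema = 'd:\winids\barnyard2\schemas\create_mysql'
$BaseSchema  = 'd:\winids\apache24\htdocs\base\sql\create_base_tbls_mysql.sql'

function Read-Secret([string]$Prompt) {
    # Prompt without echo, then hand back the plain text for the SQL script.
    $secure = Read-Host -Prompt $Prompt -AsSecureString
    [System.Net.NetworkCredential]::new('', $secure).Password
}

function New-WinIdsSql {
    # Builds the SQL for both databases: the Barnyard2 schema, the BASE tables,
    # and two accounts bound to localhost, which is all that the
    # bind-address=127.0.0.1 set in my.ini will ever accept anyway.
    param([string]$SnortPassword, [string]$BasePassword)
    foreach ($f in $SnortSchema, $BaseSchema) {
        if (-not (Test-Path $f)) { throw "schema file not found: $f" }
    }
    $schema = (Get-Content -Raw $SnortSchema) + "`n" + (Get-Content -Raw $BaseSchema)
@"
CREATE DATABASE IF NOT EXISTS snort;
CREATE DATABASE IF NOT EXISTS archive;
USE snort;
$schema
USE archive;
$schema
-- Barnyard2 only inserts events and updates its sensor row: no DELETE, no CREATE.
CREATE USER IF NOT EXISTS 'snort'@'localhost' IDENTIFIED BY '$SnortPassword';
GRANT INSERT, SELECT, UPDATE ON snort.* TO 'snort'@'localhost';
-- BASE archives and deletes alerts and creates its own bookkeeping tables.
CREATE USER IF NOT EXISTS 'base'@'localhost' IDENTIFIED BY '$BasePassword';
GRANT INSERT, SELECT, UPDATE, DELETE, CREATE ON snort.* TO 'base'@'localhost';
GRANT INSERT, SELECT, UPDATE, DELETE, CREATE ON archive.* TO 'base'@'localhost';
FLUSH PRIVILEGES;
SHOW DATABASES;
SELECT user, host FROM mysql.user WHERE user IN ('snort', 'base');
"@
}

$rootPassword  = Read-Secret 'MySQL root password'
$snortPassword = Read-Secret "Password for the 'snort' (Barnyard2) account"
$basePassword  = Read-Secret "Password for the 'base' (console) account"

# MYSQL_PWD keeps the root password off the command line; it is cleared afterwards.
$env:MYSQL_PWD = $rootPassword
try {
    New-WinIdsSql -SnortPassword $snortPassword -BasePassword $basePassword |
        & mysql -u root --batch
} finally {
    Remove-Item Env:\MYSQL_PWD
}
```

The final SELECT prints one line per account with its host column, which is the check that the accounts really are pinned to localhost. Whatever passwords are chosen here must also be entered in barnyard2.conf (user=snort) and base_conf.php ($alert_password and $archive_password) later in this tutorial.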

Confirming MySQL and Snort are operational

At the CMD prompt type 'net stop mysql & net start mysql' (less the outside quotes), and tap the 'Enter' key.

At the CMD prompt type 'net start snort' (less the outside quotes), and tap the 'Enter' key.

At the CMD prompt type 'taskmgr.exe' (less the outside quotes), and tap the 'Enter' key.

The 'Windows Task Manager' starts. On Windows 7 and 2008 R2, left-click and check 'Show processes from all users' at the bottom, then left-click the 'Processes' tab; on Windows 8 and later, left-click the 'Details' tab instead. In the 'Image name' (or 'Name') column both 'snort.exe' and 'mysqld.exe' should be listed as running processes.

Do not proceed until the processes above are running!

eXit the 'Task Manager'.

Configuring BASE, the Windows Intrusion Detection Systems (WinIDS) Security Console

At the CMD prompt type 'copy d:\winids\apache24\htdocs\base\base_conf.php.dist d:\winids\apache24\htdocs\base\base_conf.php' (less the outside quotes), and tap the 'Enter' key.

Should display '1 file(s) copied.', and return to the CMD prompt.

At the CMD prompt type 'rename d:\temp\opensource.gz opensource.tar.gz' (less the outside quotes), and tap the 'Enter' key.

At the CMD prompt type 'tartool d:\temp\opensource.tar.gz d:\winids\apache24\htdocs\base\signatures' (less the outside quotes), and tap the 'Enter' key.

The above command may take a few minutes to complete, as it is extracting twenty thousand plus files.

At the CMD prompt type 'notepad2 d:\winids\apache24\htdocs\base\base_conf.php' (less the outside quotes), and tap the 'Enter' key.

Use the Find option in Notepad2 to locate and change the variables below.

Original Line(s): $BASE_urlpath = '';
Change to: $BASE_urlpath = 'http://winids';

Original Line(s): $DBlib_path = '';
Change to: $DBlib_path = 'd:\winids\adodb5';

Original Line(s): $DBtype = '?????';
Change to: $DBtype = 'mysql';

Original Line(s):
$alert_dbname = 'snort_log';
$alert_host = 'localhost';
$alert_port = '';
$alert_user = 'snort';
$alert_password = 'mypassword';

Change to:
$alert_dbname = 'snort';
$alert_host = 'winids';
$alert_port = '';
$alert_user = 'base';
$alert_password = 'an@l1st';

Original Line(s):
$archive_exists = 0; # Set this to 1 if you have an archive
$archive_dbname = 'snort_archive';
$archive_host = 'localhost';
$archive_port = '';
$archive_user = 'snort';
$archive_password = 'mypassword';

Change to:
$archive_exists = 1; # Set this to 1 if you have an archive
$archive_dbname = 'archive';
$archive_host = 'winids';
$archive_port = '';
$archive_user = 'base';
$archive_password = 'an@l1st';

The database password now sits in clear text in base_conf.php. The file lives under the DocumentRoot, so the Apache configuration above must keep handing .php files to PHP (never serve them as plain text), and its NTFS permissions should allow no more than the account Apache runs as to read it.

Original Line(s): $show_rows = 48;
Change to: $show_rows = 90;

Original Line(s): $resolve_IP = 0;
Change to: $resolve_IP = 1;

With $resolve_IP = 1, BASE performs a reverse DNS lookup for every address it displays. This slows page loads and sends DNS queries for attacker addresses out from the console host, which can reveal to the owner of a DNS server that the address was seen; leave it at 0 if that is a concern.

Original Line(s): $show_expanded_query = 0;
Change to: $show_expanded_query = 1;

Original Line(s): $portscan_file = '';
Change to: $portscan_file = 'd:\winids\snort\log\portscan.log';

Original Line(s): $colored_alerts = 0;
Change to: $colored_alerts = 1;

Original Line(s): $priority_colors = array('FF0000','FFFF00','FF9900','999999','FFFFFF','006600');
Change to: $priority_colors = array('000000','FF0000','FF9900','FFFF00','999999');

Original Line(s): $graph_font_name = "DejaVuSans";
Change to: // $graph_font_name = "DejaVuSans";

Original Line(s): // $graph_font_name = "";
Change to: $graph_font_name = "";

Original Line(s): //$Geo_IPfree_file_ascii = "/var/www/html/ips-ascii.txt";
Change to: $Geo_IPfree_file_ascii = "d:\winids\apache24\htdocs\base\ips-ascii.txt";

Save the file, and eXit Notepad2.


Installing The PHP Extension and Application Repository (PEAR)

At the CMD prompt type 'copy d:\temp\go-pear.phar d:\winids\php' (less the outside quotes), and tap the 'Enter' key.

Should display '1 file(s) copied.', and return to the CMD prompt.

At the CMD prompt type 'cd /d d:\winids\php' (less the outside quotes), and tap the 'Enter' key.

At the CMD prompt type 'php go-pear.phar' (less the outside quotes), and tap the 'Enter' key.

At the next prompt tap the 'Enter' key to install 'System-Wide' PEAR.

At the next prompt tap the 'Enter' key.

At the 'Press any key to continue . . .', press any key to exit back to the CMD prompt.

Configuring Graphing for the Windows Intrusion Detection Systems (WinIDS) Security Console

At the CMD prompt type 'unzip -oqq d:\temp\graphing.zip -d d:\winids\php\tmp' (less the outside quotes), and tap the 'Enter' key.

The packages are installed from the local .tgz files unpacked above rather than downloaded, so the sensor needs no outbound connection to pear.php.net for this step. Each 'pear install -O' command below should display the 'install ok:' line shown after it, and return to the CMD prompt.

At the CMD prompt type 'pear install -O d:\winids\php\tmp\Auth_SASL-1.1.0.tgz' (less the outside quotes), and tap the 'Enter' key.
Should display 'install ok: channel://pear.php.net/Auth_SASL-1.1.0'.

At the CMD prompt type 'pear install -O d:\winids\php\tmp\Math_BigInteger-1.0.3.tgz' (less the outside quotes), and tap the 'Enter' key.
Should display 'install ok: channel://pear.php.net/Math_BigInteger-1.0.3'.

At the CMD prompt type 'pear install -O d:\winids\php\tmp\Net_Socket-1.2.2.tgz' (less the outside quotes), and tap the 'Enter' key.
Should display 'install ok: channel://pear.php.net/Net_Socket-1.2.2'.

At the CMD prompt type 'pear install -O d:\winids\php\tmp\Net_SMTP-1.8.1.tgz' (less the outside quotes), and tap the 'Enter' key.
Should display 'install ok: channel://pear.php.net/Net_SMTP-1.8.1'.

At the CMD prompt type 'pear install -O d:\winids\php\tmp\Mail-1.4.1.tgz' (less the outside quotes), and tap the 'Enter' key.
Should display 'install ok: channel://pear.php.net/Mail-1.4.1'.

At the CMD prompt type 'pear install -O d:\winids\php\tmp\Mail_Mime-1.10.2.tgz' (less the outside quotes), and tap the 'Enter' key.
Should display 'install ok: channel://pear.php.net/Mail_Mime-1.10.2'.

At the CMD prompt type 'pear install -O d:\winids\php\tmp\Numbers_Words-0.18.2.tgz' (less the outside quotes), and tap the 'Enter' key.
Should display 'install ok: channel://pear.php.net/Numbers_Words-0.18.2'.

At the CMD prompt type 'pear install -O d:\winids\php\tmp\Numbers_Roman-1.0.2.tgz' (less the outside quotes), and tap the 'Enter' key.
Should display 'install ok: channel://pear.php.net/Numbers_Roman-1.0.2'.

At the CMD prompt type 'pear install -O d:\winids\php\tmp\Image_Color-1.0.4.tgz' (less the outside quotes), and tap the 'Enter' key.
Should display 'install ok: channel://pear.php.net/Image_Color-1.0.4'.

At the CMD prompt type 'pear install -O d:\winids\php\tmp\Image_Canvas-0.3.5.tgz' (less the outside quotes), and tap the 'Enter' key.
Should display 'install ok: channel://pear.php.net/Image_Canvas-0.3.5'.

At the CMD prompt type 'pear install -O d:\winids\php\tmp\Image_Graph-0.8.0.tgz' (less the outside quotes), and tap the 'Enter' key.
Should display 'install ok: channel://pear.php.net/Image_Graph-0.8.0'.

At the CMD prompt type 'pear list -a' (less the outside quotes), and tap the 'Enter' key.

The above command line will list all the installed PEAR packages that are required for the graphing capabilities of BASE, the Windows Intrusion Detection Systems (WinIDS) web based GUI security console.

INSTALLED PACKAGES, CHANNEL PEAR.PHP.NET:
=========================================
PACKAGE          VERSION STATE
Archive_Tar      1.4.3   stable
Auth_SASL        1.1.0   stable
Console_Getopt   1.4.1   stable
Image_Canvas     0.3.5   alpha
Image_Color      1.0.4   stable
Image_Graph      0.8.0   alpha
Mail             1.4.1   stable
Mail_Mime        1.10.2  stable
Math_BigInteger  1.0.3   stable
Net_SMTP         1.8.1   stable
Net_Socket       1.2.2   stable
Numbers_Roman    1.0.2   stable
Numbers_Words    0.18.2  beta
PEAR             1.10.5  stable
Structures_Graph 1.1.1   stable
XML_Util         1.4.2   stable

Do not proceed until all the PEAR packages installed above appear in this list.

At the CMD prompt type 'copy d:\winids\apache24\htdocs\base\world_map6.* d:\winids\php\pear\image\graph\images\maps' (less the outside quotes), and tap the 'Enter' key.

Should display '2 file(s) copied.', and return to the CMD prompt.

Configuring Barnyard2

At the CMD prompt type 'notepad2 d:\winids\barnyard2\etc\barnyard2.conf' (less the outside quotes), and tap the 'Enter' key.

Use the Find option in Notepad2 to locate and change the variables below.

Original Line(s):
config reference_file: /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file: /etc/snort/gen-msg.map
config sid_file: /etc/snort/sid-msg.map

Change to:
config reference_file: d:\winids\snort\etc\reference.conf
config classification_file: d:\winids\snort\etc\classification
config gen_file: d:\winids\snort\etc\gen-msg.map
config sid_file: d:\winids\snort\etc\sid-msg.map

Original Line(s): # config event_cache_size: 4096
Change to: config event_cache_size: 32768

Original Line(s): #output database: log, mysql, user=root password=test dbname=db host=localhost
Change to: output database: log, mysql, user=snort password=l0gg3r dbname=snort host=winids sensor_name=Master

Barnyard2 connects as the 'snort' account created earlier, which can only insert and update; the console account 'base' is not used here. The password is stored in clear text in barnyard2.conf, so restrict the NTFS permissions on that file to the account Barnyard2 runs under.

Save the file, and eXit Notepad2.

Testing the Barnyard2 configuration file

At the CMD prompt type 'd:\winids\activators\by2-test' (less the outside quotes), and tap the 'Enter' key.

This will start Barnyard2 in self-test mode for configuration testing, and depending on the resources used and/or available it could take up to 30 minutes to run the self-test mode.

If all the tests are passed, the following is a confirmation that the Barnyard2 configuration file is good.

Barnyard2 successfully loaded configuration file!
Barnyard2 exiting
database: Closing connection to database "snort"

Do not proceed until Barnyard2 has successfully loaded the configuration file, displayed 'Barnyard2 exiting', and closed the connection to the database! A failure at the database step usually means the 'snort' account, its password, or the resolution of 'winids' to 127.0.0.1 does not match what was set up above.

Adding Barnyard2 to auto-run on user login

At the CMD window type 'd:\temp\auto-local-barnyard2.reg' (less the outside quotes), and tap the 'Enter' key.

The 'auto-local-barnyard2.reg' file contains the run line for Barnyard2.

The Registry Editor selection box opens and asks 'Are you sure you want to add...'; left-click 'Yes', and at the next input selection left-click 'OK'.

Because this is a per-user login entry rather than a Windows service, Barnyard2 only runs while that user is logged in. Snort itself keeps running as a service, but nothing moves its events into the database until Barnyard2 is started.

At the CMD prompt type 'shutdown /r /t 10' (less the outside quotes), and tap the 'Enter' key to reboot.

When the system has rebooted and the user has logged in, Barnyard2 will be running in a minimized window located in the Windows task bar. Opening the Barnyard2 CMD window will display the events as they are being shuttled to the database.

Starting the Windows Intrusion Detection Systems (WinIDS) Security Console

Open a web-browser and type 'http://winids' (less the outside quotes) into the URL Address box, and tap the 'Enter' key.

After the reboot it could take several minutes for events to start populating the Windows Intrusion Detection Systems (WinIDS) Security Console. Refreshing the browser will show new events as they are added. If no events start to show up in a reasonable length of time, come visit the forums for help on manually generating events.

In Conclusion

I hope this tutorial has been helpful to you. Please feel free to provide feedback, both issues you experienced and recommendations that you might have. The goal of this tutorial was not just for you to create a Windows Intrusion Detection System (WinIDS) using the most advanced intrusion detection engine known as Snort, but to understand how all the parts work together, and to get a deeper understanding of all the components, so that you can troubleshoot and modify your Windows Intrusion Detection System (WinIDS) with confidence.

At this point you are done with this tutorial, events should be arriving in the database, and you should be seeing events in the local Windows Intrusion Detection Systems (WinIDS) Security Console. I encourage you to perform the post-installation tasks needed to get a fully production-ready 'Windows Intrusion Detection System (WinIDS)'.

This includes:

Tuning your rules and preprocessors.
Tuning Snort thresholds and limit values.
Adding user authentication to the Windows Intrusion Detection Systems (WinIDS) Security Console. As configured here, BASE asks for no login, so anyone who can reach the Apache listener can read every event.
Securing your host: change the default database passwords this tutorial uses ('d1ngd0ng' for root on the mysql command line, 'l0gg3r' in barnyard2.conf and 'an@l1st' in base_conf.php, all in clear text), and disable unneeded services.
Configuring a system such as PulledPork to auto-update the Windows Intrusion Detection Systems (WinIDS) rules and signatures.


Security Issues

Let's review what has happened so far:

All support programs, including 'Apache2', have been installed to a separate partition, away from the Windows system drive.
The Windows Intrusion Detection Systems (WinIDS) Security Console can ONLY be accessed locally: MySQL is bound to 127.0.0.1 and Apache listens on 'winids:80'. This holds only as long as the name 'winids' resolves to the loopback address; if it resolves to the address of a network card, the console, which has no login of its own, is open to every host on that network.
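The two claims above, together with the 'Confirming MySQL and Snort are operational' step, can be checked from one PowerShell window. The following script is an added example and is not part of the original tutorial: it reports the state of the three services the tutorial installs, lists every socket listening on ports 80 and 3306 with the process that owns it, and checks that 'winids' resolves to a loopback address. The service names are the ones the tutorial's own 'sc' and 'net' commands use; Get-NetTCPConnection requires Windows 8 / Server 2012 or later; the function names are this example's own.

```powershell
# Added example, not part of the WinIDS tutorial. Service names are those used
# by the tutorial's own commands; Get-NetTCPConnection needs Windows 8 /
# Server 2012 or later.
$LoopbackAddresses = '127.0.0.1', '::1'

function Get-WinIdsServiceState {
    # Snort, Apache and MySQL as installed above; 'MISSING' if neither the
    # service name nor the display name is known to the service database.
    foreach ($name in 'snortsvc', 'Apache2.4', 'mysql') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) { $svc = Get-Service -DisplayName $name -ErrorAction SilentlyContinue }
        $status = if ($svc) { $svc.Status.ToString() } else { 'MISSING' }
        [pscustomobject]@{ Service = $name; Status = $status }
    }
}

function Get-WinIdsListener {
    # Every listening socket on the web (80) and database (3306) ports, with
    # the owning process, so a listener on 0.0.0.0 or a LAN address stands out.
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 80, 3306 } |
        ForEach-Object {
            [pscustomobject]@{
                Port     = $_.LocalPort
                Address  = $_.LocalAddress
                Process  = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
                Loopback = $_.LocalAddress -in $LoopbackAddresses
            }
        }
}

function Resolve-WinIdsName {
    # Apache listens on winids:80 and BASE/Barnyard2 connect to host=winids,
    # while MySQL is bound to 127.0.0.1: the name must map to loopback only.
    try {
        $addrs = @([System.Net.Dns]::GetHostAddresses('winids') | ForEach-Object { $_.IPAddressToString })
    } catch {
        $addrs = @()
    }
    $offLoopback = @($addrs | Where-Object { $_ -notin $LoopbackAddresses })
    [pscustomobject]@{
        Addresses = $addrs
        Loopback  = ($addrs.Count -gt 0) -and ($offLoopback.Count -eq 0)
    }
}

Get-WinIdsServiceState | Format-Table -AutoSize
Get-WinIdsListener     | Format-Table -AutoSize

foreach ($l in Get-WinIdsListener) {
    if (-not $l.Loopback) {
        Write-Warning "port $($l.Port) ($($l.Process)) is listening on $($l.Address), not only on loopback"
    }
}
$name = Resolve-WinIdsName
if (-not $name.Loopback) {
    Write-Warning "'winids' resolves to [$($name.Addresses -join ', ')]: point it at 127.0.0.1 in the hosts file, otherwise the console is reachable from the network and the database logins to host=winids are refused by the loopback-only MySQL server"
}
```

Expected on a correctly built sensor: all three services 'Running', port 3306 owned by mysqld on 127.0.0.1, port 80 owned by httpd on 127.0.0.1, and no warnings. A listener on 0.0.0.0 for port 80 means the 'Listen winids:80' change in httpd.conf did not take effect.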

Optional Companion Documents

Be SURE to check out the available 'Companion Add-on Documents' to enhance the Windows Intrusion Detection System (WinIDS) experience.

How to Install Pulledpork for rule management in an existing Windows Intrusion Detection System (WinIDS) Master/Slave sensor.
This tutorial will show how to install Pulledpork for rule management in an existing Windows Intrusion Detection System (WinIDS) Master/Slave sensor.

How to add Event Logging to a local Syslog Server.
This tutorial will show how to configure Snort to send events to a local Syslog Server on an existing Windows Intrusion Detection System (WinIDS).

How to add Event Logging to a remote Syslog Server.
This tutorial will show how to configure Snort to send events to a remote Syslog Server from an existing Windows Intrusion Detection System (WinIDS).

How to compile Barnyard2 on Windows using Cygwin for PostgreSQL database support
This tutorial is a simple to understand, step-by-step tutorial for compiling Barnyard2 on Windows using Cygwin (UNIX emulator) for PostgreSQL database support.

How to build and deploy a passive Ethernet tap
This tutorial will show how to build and deploy a passive Ethernet tap.

Updating the Windows Intrusion Detection Systems (WinIDS) Major components

How to update the Snort Intrusion Detection Engine
This tutorial will show how to update the Windows Intrusion Detection Systems Snort Intrusion Detection Engine.

How to update the Rules, Signatures, and sig-msg.map file
This tutorial will show how to update the Windows Intrusion Detection Systems rules, signatures, and the 'sig-msg.map' file.

Debugging Installation errors

Check the Event Viewer, as most of the support programs write their FATAL errors to the Windows Application log.

General tutorial issues

For general problem issues that pertain to this specific tutorial, left-click the 'Get Community Support' button at the top of this tutorial, or manually navigate to the community support forum for this specific tutorial.

Feedback

I would love to get feedback from you about this tutorial. Any recommendations or ideas, please leave feedback HERE.

Michael E. Steele | Microsoft Certified System Engineer (MCSE)
Email Support: support@winsnort.com
Snort: Open Source Network IDS - www.snort.org