Snort mailing list archives

multiple sensors, one db


From: Jari Pirhonen <lists () atbusiness com>
Date: Tue, 22 May 2001 12:37:53 +0300

Hi,

We want to install multiple snort-sensors which should log in one
database. We would like to keep log-db in our internal network. We are
not going to open our fw to allow Snort to contact our internal network
directly. We are planning to use ACID also.

Does anyone have any good architecture suggestions?

Do MySQL replication features help? Internal db could use replication
to fetch information from Snort-specific databases. Can I log several
Snort-sensors in ONE database or do I need separate instances for each
Snort-sensor?

Is it possible to use ACID to search from several Snort-logs or do we
need to handle each Snort-log separately? Is there a better way to get
the "big picture" from several Snort-sensors?

Jari

--

Jari Pirhonen
japi () atbusiness com


