Snort mailing list archives
centralized mysql collation
From: "David E. Wach" <david () ignw com>
Date: Tue, 5 Feb 2002 11:51:37 -0800
Hello all,

I'm currently running snort at 3 remote sites with logging going to the local mysql daemon on each sensor. I'm using the binary logging in mysql and transfer the logs periodically to my central log server. I then run the binary logs through mysqlbinlog to "replay" the sql and insert the events into my main database. This way I don't have to leave a connection up to each of the sites 24/7.

The problem I'm running into is the way the mysql schema is set up. Since the entries in the "signature" table are inserted on-the-fly on the remote databases, they don't match the "signature" table on my master database. What might be "WEB-IIS _mem_bin access" on one IDS server ends up being "Traceroute UDP" on the other.

Any ideas on how to get all the signatures to correlate to each other? I've got the same problem with the references too. Anybody else run into this and come up with a solution?

Thanks for any insight,
-david

--
===============================================
David E. Wach
Senior Managed Security Architect
david () ignw com
InfoGroup Northwest
541.485.0957 x168
===============================================
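Added example, not part of the original post or of Snort: it reproduces the mismatch described above (raw `sig_id` values replayed into a master whose `signature` table was filled in a different order) and shows one way to avoid it by translating ids through `sig_name` at merge time. Assumptions: `sqlite3` stands in for MySQL so the example runs offline, the two tables are reduced to a few columns of Snort's `signature` and `event` tables, and `merge_sensor`, `master_sid` and the sample rows are hypothetical.

```python
import sqlite3

SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY AUTOINCREMENT, sig_name TEXT NOT NULL);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, PRIMARY KEY (sid, cid));
"""

def make_db(sig_names):
    """In-memory stand-in for one Snort database; ids follow first-seen order."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO signature (sig_name) VALUES (?)", [(n,) for n in sig_names])
    return db

def merge_sensor(master, sensor, master_sid):
    """Copy a sensor's events into master, translating sig_id through sig_name."""
    remap = {}
    for local_id, name in sensor.execute("SELECT sig_id, sig_name FROM signature"):
        row = master.execute("SELECT sig_id FROM signature WHERE sig_name = ?", (name,)).fetchone()
        if row is None:  # signature the master has never seen: create it there
            row = (master.execute("INSERT INTO signature (sig_name) VALUES (?)", (name,)).lastrowid,)
        remap[local_id] = row[0]
    for cid, local_sig in sensor.execute("SELECT cid, signature FROM event"):
        master.execute("INSERT INTO event VALUES (?, ?, ?)", (master_sid, cid, remap[local_sig]))
    master.commit()
    return remap

def labelled_events(db):
    """Events joined to the signature name the database would display."""
    return db.execute("SELECT e.cid, s.sig_name FROM event e JOIN signature s "
                      "ON s.sig_id = e.signature ORDER BY e.cid").fetchall()

def demo():
    # Constructed data. The first two names come from the post; the third is made up.
    central = ["Traceroute UDP", "WEB-IIS _mem_bin access"]
    sensor = make_db(["WEB-IIS _mem_bin access", "Traceroute UDP", "EXAMPLE sensor-only rule"])
    sensor.executemany("INSERT INTO event VALUES (1, ?, ?)", [(1, 1), (2, 2), (3, 3)])
    # Naive replay: event rows land on the master with the sensor's raw sig_id.
    naive = make_db(central)
    naive.executemany("INSERT INTO event VALUES (?, ?, ?)",
                      sensor.execute("SELECT sid, cid, signature FROM event").fetchall())
    # Remapped merge: same events, ids translated by name.
    merged = make_db(central)
    remap = merge_sensor(merged, sensor, master_sid=1)
    return labelled_events(naive), labelled_events(merged), remap

if __name__ == "__main__":
    for result in demo():
        print(result)
```

In the naive result the two known alerts swap names and the third event disappears from the join because the master has no signature row with that id; the remapped merge keeps all three with the right names.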