Snort mailing list archives
Re: Snort and ACID on separate systems?
From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 18 Jun 2002 14:47:24 -0700 (PDT)
On Tue, 18 Jun 2002, Djinn D'Angel wrote:
I have been running Snort in my environment for quite some time and using Snortsnarf as a psudo-reporting mechanism. I want to move to using ACID for reports and database storage of alerts, but I also want to be able to have Snort and ACID running on separate systems. I have not been able to find any good documentation on implementing Snort and ACID in this way. Can someone make a suggestion where I might look?
Actaully, it's very simple. On the DB output line, just change 'localhost' or 127.0.0.1 into the machine you've got MySQL on. Make sure that snortuser () sensorname domain com has access to the tables. That's about it--IIRC. :) Just don't put your MySQL box in the DMZ. ;-) ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net ---------------------------------------------------------------------------- Bringing you mounds of caffeinated joy >>> http://thinkgeek.com/sf <<< _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort and ACID on separate systems? Djinn D'Angel (Jun 18)
- Re: Snort and ACID on separate systems? Greg Robinson (Jun 18)
- Re: Snort and ACID on separate systems? Erek Adams (Jun 18)