Any HOWTO for merging separate snort IDS's into central DB?

[Jason Haar <Jason.Haar () trimble co nz>]

For network protection we're running snort on separate boxes with local
MySQL databases. However, once a month (say) I'd like to pull those SQL logs
together into a "meta-DB" so that we can look at the IDS network as a whole.

Obviously snort on these standalone systems are re-using the same id numbers
for different things, so I was wondering if anyone had written a script that
could allow such separate databases to be pulled together as a consistent
offering. All our snort systems run the same release and same schema, so
there data is internally consistent.

Thanks

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility 
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users