Snort mailing list archives
Re: Any HOWTO for merging separate snort IDS's into central DB?
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Sat, 21 Dec 2002 21:24:52 +1300
Benjamin Hippler wrote:
> Hi, I currently have 3 sensors (will become more) for 4 C nets logging into one central MySQL DB and it works fine. Why do you still want to write the logs/entries locally? If you give all your boxes the same MySQL hostname to write the logs you don't have to merge all your stuff afterwards.

I am managing snort systems in Sweden, East and West Coast USA and New Zealand. Try centralizing that without running the risk of DoSing your WAN links...
I have personally seen snort produce 300 alerts/sec due to one of these networks having extremely odd SNMP traffic triggering it. If I had central logging, I would have taken down our company's WAN... (100Mbs monitored links don't go down T1 WAN links very well...)
Jason