Snort mailing list archives
Re: SnortCenter and existing init s
From: "larc" <larc () pandora be>
Date: Fri 31 Jan 2003 18:21:38 +0100
Hi, It's best that you don't change snortcenter but change your init script. Change your script to something like this. cmd_line=`cat "/etc/snort/snort_cmd_line.eth0"` snort -D -i eth0 $cmd_line if you start snort like this with your init script you still have the same snort settings and you will also be able to encrypt the Mysql traffic. When you you use the management console to stop or restart snort, the ssh tunnel will still be active. Hope this helps, Stefan ------------------------ "McGuire, Dennis" <dmcguire () brierley com> wrote: ------------------------ All, I have an existing distributed IDS infrastructure (snort
1.8.7/ACID/MySQL) that I am now trying to manage using SnortCenter. I have existing customized init scripts on the sensors that I want to have SnortCenter use - this is because I forward port 3306 over ssh for traffic back to the centralized snort db, and the up/down of the tunnel is done within the init script for snort. It seems that SnortCenter doesn't use the init scripts on the sensor, at least from observation and reading sensor.php and index.cgi. Has anyone customized SnortCenter to use existing init scripts, or am I on my own? Thanks, Dennis SnortCenter and existing init scripts on sensors All, I have an existing distributed IDS infrastructure (snort 1.8.7/ACID/MySQL) that I am now trying to manage using SnortCenter. I have existing customized init scripts on the sensors that I want to have SnortCenter use - this is because I forward port 3306 over ssh for traffic back to the centralized snort db, and the up/down of the tunnel is done within the init script for snort. It seems that SnortCenter doesn't use the init scripts on the sensor, at least from observation and reading sensor.php and index.cgi. Has anyone customized SnortCenter to use existing init scripts, or am I on my own? Thanks, Dennis
------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: SnortCenter and existing init s larc (Jan 31)