Snort mailing list archives
Multiple databases with snort
From: "Counselman, Chris Contractor/Sverdrup" <chris.counselman () us army mil>
Date: Wed, 12 Mar 2003 10:54:54 -0600
RH 8.0, ACID .9.6b22, snort 1.9.1, mysql

I would like to set up snort to log to two databases at once. I would like to do this so I can have a real-time database that analysts can look at and delete alerts that have already been viewed, and an archive database. I have tried setting up ACID to archive but sometimes it will and sometimes it won't; I keep getting duplicate alerts ignored errors. This is so frequent the archive feature in ACID is practically unusable.

Can you log to two databases at once from the same box without running multiple instances of snort? Is there any program out there that will archive better than ACID?

Thanks,
Chris
Current thread:
- Multiple databases with snort Counselman, Chris Contractor/Sverdrup (Mar 13)
- Re: Multiple databases with snort Jon (Mar 13)
- <Possible follow-ups>
- RE: Multiple databases with snort Hutchinson, Andrew (Mar 13)