Snort mailing list archives
RE: Multiple databases with snort
From: "Hutchinson, Andrew" <Andrew.Hutchinson () Vanderbilt edu>
Date: Thu, 13 Mar 2003 08:40:16 -0600
Yes, snort will log to multiple db's simultaneously. You just have to set up multiple output directives in the snort.conf file.

Andrew Hutchinson - Network Security
Vanderbilt University Medical Center
(615) 936-2856

-----Original Message-----
From: Counselman, Chris Contractor/Sverdrup [mailto:chris.counselman () us army mil]
Sent: Wednesday, March 12, 2003 10:55 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Multiple databases with snort

RH 8.0, ACID .9.6b22, snort 1.9.1, mysql

I would like to set up snort to log to two databases at once. I would like to do this so I can have a real-time database that analysts can look at and delete alerts that have already been viewed, and an archive database. I have tried setting up ACID to archive but sometimes it will and sometimes it won't; I keep getting duplicate alerts ignored errors. This is so frequent the archive feature in ACID is practically unusable.

Can you log to two databases at once from the same box without running multiple instances of snort? Is there any program out there that will archive better than ACID?

Thanks,
Chris
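The multiple output directives described in the reply above, shown as an added example that is not part of the original thread. The database names, account names, host and password placeholders are constructed for illustration.

```conf
# snort.conf fragment (added example; all values below are constructed)
#
# Two database output directives in one snort.conf. A single Snort
# instance hands every event to each configured output, so both MySQL
# databases receive the same alerts.

# Working database: analysts view and delete alerts here through ACID.
output database: log, mysql, user=snort_live password=<LIVE_PASSWORD> dbname=snort_live host=localhost

# Archive database: same events, never pruned by analysts.
# A separate MySQL account keeps the front-end credentials from being
# usable against the archive.
output database: log, mysql, user=snort_arch password=<ARCHIVE_PASSWORD> dbname=snort_archive host=localhost
```

Both databases need the Snort schema created before Snort starts, and restricting the archive account to INSERT and SELECT keeps deletions in the working database from being repeatable against the archive.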