Snort mailing list archives

Added second snort sensor to an IDS system - mixed alerts with the first sensor


From: "Ghercoias, Catalin" <CGhercoias () TWEC COM>
Date: Mon, 17 Mar 2003 14:46:50 -0500


Hello everybody,

I have installed a snort IDS system composed of a management station with
MySQL as well as the snortcenter and ACID for querying the database.
To this management station a snort agent (installed on a different machine)
is sending data to the MySQL
database using port 3306. The snortagent is accessed by the snortcenter
(running on the management station) over port 2525 in SSL mode.
The database can be queried with ACID. Everything works perfectly.
All these are running on RedHat 7.3 and I followed to the letter the manual
published on the snort web site.

Now, I've added a second sensor to this picture. I'm able to connect to it
using snortcenter, to push rules, start-stop. I'm also able to see the
alerts generated by this second sensor in ACID. The problem that I'm having
with this system is that in ACID (and in MySQL tables) only
_one_ sensor is reported, although there are _two_, and it is also mixing the
alerts from one sensor with another.

Your help will be greatly appreciated.

Thank you,

Catalin Ghercoias.
mailto:cghercoias () twec com


