Snort mailing list archives

RE: Import 1 snortdb into another for "1 place monitoring"

From: "Michael Steele" <michaels () winsnort com>
Date: Mon, 15 Dec 2003 09:51:04 -0800

Just place another mysql output database line in snort.conf of the sending
sensor directing alerts to the receiving sensor (log to both at the same
time). You will also need to set the appropriate variables in the new output
database line to access the database on the receiving sensor. You can also
use sensor_name=xxxx at the end of that new output database line to
distinguish in ACID which sensor the alert came from. Don't forget to
restart Snort.

You could also use the existing output database line and change all the
variables to direct it to the remote MySQL database. If you do that, you can
shut down your Webserver (if that's all your using it for is ACID), and
MySQL, and save some resources. You can also use sensor_name=xxxx at the end
of that new output database line to distinguish in ACID which sensor the
alert came from. Don't forget to restart Snort.

Kindest regards,

The WINSNORT.com Management Team
--
Pick up your FREE Windows or UNIX Snort installation guides      
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

________________________________________
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of STEPHEN W.
COREY - 5535
Sent: Monday, December 15, 2003 8:13 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Import 1 snortdb into another for "1 place
monitoring"

I've got 2 snort boxes (Linux, MySQL), one on each side of my firewall. Can
I export all the data from one and import it into the other (On a nightly
basis)? I want to be able to see all my sensors in one ACID console.




-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Import 1 snortdb into another for "1 place monitoring" STEPHEN W. COREY - 5535 (Dec 15)
- RE: Import 1 snortdb into another for "1 place monitoring" Michael Steele (Dec 15)