Snort mailing list archives
Multiple sensors one database
From: "Atkins, Dwane P" <ATKINSD () uthscsa edu>
Date: Tue, 12 Apr 2011 21:03:19 +0000
Good afternoon, We are running two snort devices and attempting to get them both to record to one mysql database. Created database snort. Assigned permissions to sensor1@10.10.10.10<mailto:sensor1@10.10.10.10> and sensor2@10.10.10.11<mailto:sensor2@10.10.10.11>. I installed Snort 2.9.0.5 schema so that databases would all look the same. Yes, I did have a single mysql database on each sensor but was told in that in order to run a particular Application, I would need a single database. We are using Snort 2.9.0.5 on Ubuntu 10.04.01 LTS. We are using Barnyard2. In the Barnyard2.conf file, we have an entry, "output database: log, mysql, user=snort password=snortpass dbname=snort host=10.10.12.1 sensor_name='sensor1' and have an identical entry for the second sensor. I have not made any configuration changes the my.cnf. It currently binds to 127.0.0.1 but should I have it bind to the Master # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. bind-address = 10.10.12.1 Is there anywhere else I need to check? Do I need to shutdown mysql on each sensor now? Thank you Dwane
------------------------------------------------------------------------------ Forrester Wave Report - Recovery time is now measured in hours and minutes not days. Key insights are discussed in the 2010 Forrester Wave Report as part of an in-depth evaluation of disaster recovery service providers. Forrester found the best-in-class provider in terms of services and vision. Read this report now! http://p.sf.net/sfu/ibm-webcastpromo
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Multiple sensors one database Atkins, Dwane P (Apr 12)
- Re: Multiple sensors one database beenph (Apr 12)
- Re: Multiple sensors one database Atkins, Dwane P (Apr 12)
- Re: Multiple sensors one database Atkins, Dwane P (Apr 13)
- Re: Multiple sensors one database beenph (Apr 13)
- Re: Multiple sensors one database Atkins, Dwane P (Apr 12)
- Re: Multiple sensors one database beenph (Apr 12)