Snort mailing list archives

Re: Problem with using 2 sensors


From: James Lay <jlay () slave-tothe-box net>
Date: Fri, 07 Oct 2011 20:32:39 -0600



From:  Mike Boeckeler <boeckelr () gmail com>
Date:  Fri, 7 Oct 2011 21:19:34 -0400
To:  Snort <snort-users () lists sourceforge net>
Subject:  Re: [Snort-users] Problem with using 2 sensors


Hi everyone,
I wanted to thank all of you for giving such detailed responses.  I am
going to try to tackle this again tonight and this weekend.

I posted my original message at the bottom of this in case you forgot the
issues involved... After reading through all of your responses I have another
question or two:

OK, so I will set up two instances of Snort, Barnyard2, 2 unique unified2
files etc.....but what about MySQL?  Will the single MySQL database work
with this setup?  Or will I need to create a unique database for each
sensor....and then a unique install of BASE for each sensor?

Thanks again!
Mike

BTW I don't know where I got the -E command line option from.




Hi Mike,

Luckily, one MySQL instance is all you need... it can handle all the Snort
instances you can throw at it.

James


