[Snort-devel] Re: [Snort-users] Distributed Snort
bmc at ...835...
Fri Nov 15 10:54:06 EST 2002
On Thu, Nov 14, 2002 at 01:54:14PM -0600, Matthew Callaway wrote:
> I just thought I'd throw in my two cents on this issue. Here's an idea
> that skips all the new development work you're talking about.
> In your "distributed snort" environment, have each sensor log packets to
> unified format log files. Have these log files encrypted by the
> log-rotation process (via gpg) and mailed to your central server.
> Receive the log files, decrypt them, then run barnyard on your spooled
> log files to feed the database.
Eww... I'd prefer having snort log to unified files, then from a
centralized location, scp logs from the sensors, use barnyard to