[Snort-users] Re: Project PigRoast and logging...
yonah at ...569...
Wed Oct 11 13:27:41 EDT 2000
just out of curiosity, is the mysql traffic encrypted in any way? has
anyone configured snort to log to a database through an ssl tunnel?

On Wed, 11 Oct 2000, Gregor Binder wrote:
> Jason Haar on Wed, Oct 11, 2000 at 04:04:18PM +1300:
> > Why bother with grotty old syslog when you can have several snort servers
> > dumping to the same SQL server?
> for real-time alerts.
> I am using syslog-ng to do this, and I have to say I'm quite happy
> with it.
> > I mean syslog is UDP and lossy, etc, etc....
> I can't say much about MySQL, but an SQL server is a more complex
> system than a syslog server, thus it has a higher potential of failure
> and scaling it is more expensive. Achieving high availability is more
> difficult, expensive and error prone than doing this with a syslog
> I think collecting intrusion data in a database is a good idea, but I
> wouldn't use it as the only means to do so, and I would be careful
> not to make it the SPOF of my intrusion detection system.
> syslog-ng can do logging over tcp as well, btw.
Email: <yonah at ...570...>
PGP: 0x7C3C2524 <ldap://certserver.pgp.com>
"Quote me as saying I was misquoted."