[Snort-users] Re: Project PigRoast and logging...

Yonah Russ yonah at ...569...
Wed Oct 11 13:27:41 EDT 2000


just out of curiosity, is the mysql traffic encrypted in any way? has
anyone configured snort to log to a database through an ssl tunnel?
yonah


On Wed, 11 Oct 2000, Gregor Binder wrote:

> Jason Haar on Wed, Oct 11, 2000 at 04:04:18PM +1300:
> 
> Hi,
> 
> > Why bother with grotty old syslog when you can have several snort servers
> > dumping to the same SQL server?
> 
> for real-time alerts.
> 
> I am using syslog-ng to do this, and I have to say I'm quite happy
> with it.
> 
> > I mean syslog is UDP and lossy, etc, etc....
> 
> I can't say much about MySQL, but an SQL server is a more complex
> system than a syslog server, thus it has a higher potential of failure
> and scaling it is more expensive. Achieving high availability is more
> difficult, expensive and error prone than doing this with a syslog
> server.
> 
> I think collecting intrusion data in a database is a good idea, but I
> wouldn't use it as the only means to do so, and I would be careful
> not to make it the SPOF of my intrusion detection system.
> 
> syslog-ng can do logging over tcp as well, btw.
> 
> Greetings,
>   Gregor.
> 
> 

-- 
Email:		<yonah at ...570...>
Homepage:	<http://p-yonah.jct.ac.il/>
PGP:            0x7C3C2524 <ldap://certserver.pgp.com>

"Quote me as saying I was misquoted."
				--Groucho Marx



