jed at ...153...
Tue Oct 24 19:58:35 EDT 2000
> I would like to deploy standalone sensors that report back to a single MySQL
> database. I have the database working fine on a central platform (FreeBSD
> 4, Snort 1.70 Beta and MySQL 3.22). However, when I compile/install/run
> Snort 1.70 on a remote machine, configured to report to the central server,
> it wants to use the MySQL server running locally. (I'd prefer not even to
> install MySQL client/server on the remote machine.)
> What am I missing? I thought this would be the function of the
> "host=hostname" parameter on the locally executed Snort rules?
Hmmm.. I am not sure I understand the issue. Are you having trouble
logging to a database on a remote host? If so send me a copy of your
configuration and the messages snort displays where the problem is.
The sensor machines will not require the full mysql distro... They
will only need the mysqlclient library.
More information about the Snort-users