[Snort-users] Logging to a central database

Ed Padin ohdamnthathurts at ...131...
Fri Apr 27 11:45:19 EDT 2001


Encryption is not the only issue. If my snort boxen are compromised, a
persistent SSH tunnel could be used to infiltrate further. I want to develop a
method by which capture files are created and then retrieved on a regular
basis for processing. I don't want to give the snort boxes a way to
establish connections back to my central subnet.


-----Original Message-----
From: Michael Boman [mailto:michael at ...1290...]
Sent: Thursday, April 26, 2001 10:18 AM
To: Ed Padin; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Logging to a central database



*** PGP Signature Status: unknown
*** Signer: Unknown, Key ID = 0x0F771043
*** Signed: 4/26/01 10:18:34 AM
*** Verified: 4/27/01 11:32:34 AM
*** BEGIN PGP VERIFIED MESSAGE ***

On Thursday 26 April 2001 21:28, Ed Padin wrote:
> Hi,
>
> I'm trying to have a central database for all snort data. I've set up
> postgres and can get snort running on the local machine to log alerts and
> packet payloads to the snort database. I now want to get the data from my
> remote nodes. Because of our security policies, it's more feasible for me
> to transfer the data via secure file copy rather than doing a remote
> database client.

[snip]

> I appreciate any help anyone can offer.

Question: Why not create an SSH tunnel between your client node and the
central database server? Then you can use a direct DB connection but yet keep
the information encrypted between the remote node and the central database
server.

Best regards
 Michael Boman

--
"eLINUX  ---  Enabling the Net Economy on Linux"
----------------------------------------------------------
Michael Boman                   eLinux Pte Ltd
LPIC-1                          http://www.elinux.com.sg
Technical Consultant            Tel:    (65)  227 6180
michael at ...1290...           Fax:    (65)  227 5808
----------------------------------------------------------

*** END PGP VERIFIED MESSAGE ***




