[Snort-users] multiple sensors, one db

Jari Pirhonen lists at ...2077...
Tue May 22 05:37:53 EDT 2001


Hi,

We want to install multiple snort-sensors which should log in one
database. We would like to keep log-db in our internal network. We are
not going to open our fw to allow Snort to contact our internal network
directly. We are planning to use ACID also.

Does anyone have any good architecture suggestions?

Do MySQL replication features help? Internal db could use replication
to fetch information from Snort-specific databases. Can I log several
Snort-sensors in ONE database or do I need separate instances for each
Snort-sensor?

Is it possible to use ACID to search from several Snort-logs or do we
need to handle each Snort-log separately? Is there a better way to get
the "big picture" from several Snort-sensors?

Jari

--

Jari Pirhonen
japi at ...2077...





