[Snort-users] Re: ACID and multiple databases

roman at ...438... roman at ...438...
Thu Oct 11 14:46:05 EDT 2001


ACID cannot pull from multiple database servers.  Currently, queries
can only be executed against one database at a time.

Possible hacks include: 

* configuring Snort to log to both the local database and a central
database

 + Pro: happens automatically
 - Con: could slow down Snort's detection functionality
 - Con: data cannot cross administrative domains

* archive alerts from the 6 databases into a common database

 - Con: aggregation requires manual intervention

* custom scripts to perform equivalent of archiving

 + Pro: happens automatically
 + Pro: no degradation in Snort detection performance
 - Con: no such scripts exist

Roman

On Thu, 11 Oct 2001, Dominick, David wrote:

> Can my acid console pull from multiple MySQL servers?
> If so, can you tell me the conf for it.
> (I have 6 boxes out running snort all with their own local database. I want
> to monitor that from a central machine.)
>
>
> Thank you,
> David Dominick
> Enterprise Security Engineering
> 404-202-2848
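
The third option in the reply (a custom script that does the equivalent of archiving) could take the following shape. This is an added example, not part of the original message and not ACID or Snort code; it uses in-memory SQLite in place of MySQL, and the simplified `event` layout, the `sync_state` table, the sensor names and all function names are assumptions.

```python
import sqlite3

# Constructed, simplified stand-in for a sensor's alert table; the real
# Snort/ACID schema has more tables and columns.
SENSOR_DDL = "CREATE TABLE event (cid INTEGER PRIMARY KEY, sig_name TEXT, ts TEXT)"
# Central copy: every sensor numbers its alerts from 1, so the key must
# include the sensor name or rows from different boxes would collide.
CENTRAL_DDL = """
CREATE TABLE event (sensor TEXT, cid INTEGER, sig_name TEXT, ts TEXT,
                    PRIMARY KEY (sensor, cid));
CREATE TABLE sync_state (sensor TEXT PRIMARY KEY, last_cid INTEGER NOT NULL);
"""

def make_sensor(rows):
    db = sqlite3.connect(":memory:")
    db.execute(SENSOR_DDL)
    db.executemany("INSERT INTO event VALUES (?, ?, ?)", rows)
    return db

def make_central():
    db = sqlite3.connect(":memory:")
    db.executescript(CENTRAL_DDL)
    return db

def pull(central, name, sensor_db):
    """Copy alerts newer than the last synced cid; return how many were copied."""
    row = central.execute(
        "SELECT last_cid FROM sync_state WHERE sensor = ?", (name,)).fetchone()
    last = row[0] if row else 0
    new = sensor_db.execute(
        "SELECT cid, sig_name, ts FROM event WHERE cid > ? ORDER BY cid",
        (last,)).fetchall()
    if not new:
        return 0
    with central:  # alerts and high-water mark commit (or roll back) together
        central.executemany("INSERT INTO event VALUES (?, ?, ?, ?)",
                            [(name, *r) for r in new])
        central.execute("INSERT OR REPLACE INTO sync_state VALUES (?, ?)",
                        (name, new[-1][0]))
    return len(new)

def aggregate(central, sensors):
    """Run one polling pass over all sensors; safe to repeat on a schedule."""
    return {name: pull(central, name, db) for name, db in sensors.items()}

if __name__ == "__main__":
    sensors = {  # constructed sample alerts
        "sensor-a": make_sensor([(1, "ICMP PING", "2001-10-11 14:00:00")]),
        "sensor-b": make_sensor([(1, "SCAN nmap TCP", "2001-10-11 14:01:00")]),
    }
    print(aggregate(make_central(), sensors))
```

Because the pull runs outside Snort's logging path, it does not add load to detection, which is the advantage the reply lists for this option.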


