[Snort-users] Re: ACID and multiple databases

Dominick, David David.Dominick at ...1813...
Fri Oct 12 07:28:11 EDT 2001


One more question then:
Can I use Snort with oracle and get ACID to pull from it?

-----Original Message-----
From: roman at ...438... [mailto:roman at ...438...]
Sent: Thursday, October 11, 2001 1:45 PM
To: Dominick, David
Cc: snort-users at lists.sourceforge.net
Subject: [Snort-users] Re: ACID and multiple databases


ACID cannot pull from multiple database servers.  Currently, queries
can only be executed against on database at a time.

Possible hacks include: 

* configuring Snort to log to both the local database and a central
database

 + Pro: happens automatically
 - Con: could slow down Snort's detection functionality
 - Con: data cannot cross administrative domains

* archive alerts from the 6 databases into a common database

 - Con: aggregation requires manual intervention

* custom scripts to perform equivalent of archiving

 + Pro: happens automatically
 + Pro: no degradation in Snort detection performance
 - Con: no such scripts exist

Roman

On Thu, 11 Oct 2001, Dominick, David wrote:

> Can my acid console pull from multiple MySQL servers?
> If so, can you tell me the conf for it.
> (I have 6 boxes out running snort all with their own local database. I
want
> to monitor that from a central machine.
>
>
> Thank you,
> David Dominick
> Enterprise Security Engineering
> 404-202-2848



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list