[Snort-users] Merging alerts from different sensors
hatique at ...3588...
Tue Oct 23 09:18:13 EDT 2001
I have a number of sensors in geographically diverse locations, each logging locally to MySQL to avoid expensive remote logging. I need to combine all these alerts into a central database and access them with ACID. Obviously, the simplest approach is to mysqldump the data from the sensors and load it into the central database. However, that doesn't work because of conflicts with auto-increment fields, and other conflicts.
The long-winded alternative would be to write something to extract the data from each sensor and load it into the central database, one alert at a time. But I was wondering whether other alternatives are available.
How are the rest of you doing it?
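
An added example, not part of the original post: a sketch of the per-alert merge described above, showing why raw dumps collide (every sensor numbers itself and its signatures from 1) and how remapping by hostname and signature name avoids it. It uses Python's sqlite3 in place of MySQL, and the three-table schema, function names and sample alerts are simplified assumptions constructed for illustration.

```python
import sqlite3

# Hypothetical, simplified schema: auto-increment ids plus a natural key to remap on.
SCHEMA = """
CREATE TABLE sensor (sid INTEGER PRIMARY KEY AUTOINCREMENT, hostname TEXT UNIQUE);
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY AUTOINCREMENT, sig_name TEXT UNIQUE);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT,
                    PRIMARY KEY (sid, cid));
"""

def new_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def make_sensor(hostname, alerts):
    """Build a constructed per-sensor database; every sensor's local sid is 1."""
    db = new_db()
    db.execute("INSERT INTO sensor (hostname) VALUES (?)", (hostname,))
    for cid, (name, ts) in enumerate(alerts, start=1):
        sig = get_or_create(db, "signature", "sig_name", "sig_id", name)
        db.execute("INSERT INTO event VALUES (1, ?, ?, ?)", (cid, sig, ts))
    return db

def get_or_create(db, table, key_col, id_col, value):
    # table/column names are fixed constants from this file, never user input
    db.execute(f"INSERT OR IGNORE INTO {table} ({key_col}) VALUES (?)", (value,))
    row = db.execute(f"SELECT {id_col} FROM {table} WHERE {key_col}=?", (value,))
    return row.fetchone()[0]

def merge_sensor(central, local):
    """Copy events into central, remapping local ids to central ids.

    Returns the number of rows added; re-running the merge adds nothing.
    """
    added = 0
    rows = local.execute(
        "SELECT s.hostname, e.cid, g.sig_name, e.timestamp FROM event e "
        "JOIN sensor s ON s.sid = e.sid "
        "JOIN signature g ON g.sig_id = e.signature").fetchall()
    for hostname, cid, sig_name, ts in rows:
        sid = get_or_create(central, "sensor", "hostname", "sid", hostname)
        sig = get_or_create(central, "signature", "sig_name", "sig_id", sig_name)
        cur = central.execute("INSERT OR IGNORE INTO event VALUES (?, ?, ?, ?)",
                              (sid, cid, sig, ts))
        added += cur.rowcount  # 0 when (sid, cid) was already merged
    central.commit()
    return added
```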