[Snort-users] Queuing MSSQL log data without Barnyard

Burleson, Lee (IA) Lee.Burleson at ...1358...
Mon Sep 24 08:01:01 EDT 2001


Just an idea for anyone that is interested; feedback appreciated.

In the absence of Barnyard, I am toying with the following scenario:

*  Central DB: Win2k, MSSQL Standard, with Replication components installed
*  Snort sensor(s): Win2k, MSSQL _Personal_, Snort configured to log to
itself

*  The sensors would then be set up to replicate their local Snort DB to the
Central DB, in a push-only scenario.
*  All traffic between sensors and Central DB would be secured with IPSec.
*  MSSQL Replication would be handled in a queuing fashion.
*  No more problems with downtime of Central DB, as Sensors are logging to
themselves.

- Lee



