[Snort-users] Queuing MSSQL log data without Barnyard
Burleson, Lee (IA)
Lee.Burleson at ...1358...
Mon Sep 24 08:01:01 EDT 2001
Just an idea for anyone that is interested; feedback appreciated.
In the absence of Barnyard, I am toying with the following scenario:
* Central DB: Win2k, MSSQL Standard, with Replication components installed
* Snort sensor(s): Win2k, MSSQL _Personal_, Snort configured to log to
* The sensors would then be set up to replicate their local Snort DB to the
Central DB, in a push only scenario.
* All traffic between sensors and Central DB would be secured with IPSec.
* MSSQL Replication would be handled in a queuing fashion.
* No more problems with downtime of Central DB, as Sensors are logging to