[Snort-users] Any HOWTO for merging separate snort IDS's into central DB?

Jason Haar Jason.Haar at ...294...
Sat Dec 21 00:22:03 EST 2002


Benjamin Hippler wrote:

>hi,
>i have currently 3 sensors (will become more) for 4 C nets logging into one
>central MySQL DB and works fine. Why do you still want to write the
>logs/entries locally? if you give all your boxes the same mysql hostname to
>write the logs you dont have to merge all your stuff afterwards.
>
>  
>
I am managing snort systems in Sweden, East and West Coast USA and New 
Zealand. Try centralizing that without running the risk of DoSing your 
WAN links...

I have personally seen snort produce 300 alerts/sec due to one of these 
networks having extremely odd SNMP traffic triggering it. If I had 
central logging, I would have taken down our company's WAN... (100Mbs 
monitored links don't go down T1 WAN links very well...)

Jason







More information about the Snort-users mailing list