[Snort-users] Any HOWTO for merging separate snort IDS's into central DB?
Jason.Haar at ...294...
Sat Dec 21 00:22:03 EST 2002
Benjamin Hippler wrote:
>I have currently 3 sensors (will become more) for 4 C nets logging into one
>central MySQL DB and works fine. Why do you still want to write the
>logs/entries locally? If you give all your boxes the same mysql hostname to
>write the logs you don't have to merge all your stuff afterwards.
I am managing snort systems in Sweden, East and West Coast USA and New
Zealand. Try centralizing that without running the risk of DoSing your
I have personally seen snort produce 300 alerts/sec due to one of these
networks having extremely odd SNMP traffic triggering it. If I had
central logging, I would have taken down our company's WAN... (100Mbs
monitored links don't go down T1 WAN links very well...)