[Snort-users] Any HOWTO for merging separate snort IDS's into central DB?

Andrea Barisani lcars at ...96...
Sat Dec 21 01:49:01 EST 2002


> > From: Jason Haar [mailto:Jason.Haar at ...294...]
> > Sent: Tuesday, December 17, 2002 6:55 PM
> > To: snort-users at lists.sourceforge.net
> > Subject: [Snort-users] Any HOWTO for merging separate snort IDS's into
> > central DB?
> > 
> > 
> > For network protection we're running snort on separate boxes with local
> > MySQL databases. However, once a month (say) I'd like to pull those SQL logs
> > together into a "meta-DB" so that we can look at the IDS network as a whole.
> > 
> > Obviously snort on these standalone systems are re-using the same id numbers
> > for different things, so I was wondering if anyone had written a script that
> > could allow such separate databases to be pulled together as a consistent
> > offering. All our snort systems run the same release and same schema, so
> > their data is internally consistent.
> > 

Hi,

You can take a look at my Multiple Snort Sensor HOWTO:

http://www.infis.univ.trieste.it/~lcars/ids

It's not exactly what you are asking but maybe it can be helpful.

Bye

------------------------------------------------------------
INFIS Network Administrator & Security Officer         .*. 
Department of Physics       - University of Trieste    /V\
lcars at ...96... - PGP Key 0x8E21FE82      (/ \)
----------------------------------------------------  (   )
"How would you know I'm mad?" said Alice.             ^^-^^
"You must be,'said the Cat,'or you wouldn't have come here."
------------------------------------------------------------
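
The id collision described in the question, as an added example that is not from either poster or from the linked HOWTO: each stand-alone database numbers its sensors and signatures from 1, so a merge has to remap sid (by hostname and interface) and sig_id (by signature name) before copying events. Assumptions: the three-table schema is a simplified subset, SQLite stands in for MySQL (where INSERT OR IGNORE is written INSERT IGNORE), the function names are hypothetical, and the host names and alerts are constructed.

```python
import sqlite3

# Assumed, simplified subset of the Snort database schema; SQLite stands in for MySQL.
SCHEMA = """
CREATE TABLE sensor (sid INTEGER PRIMARY KEY, hostname TEXT, interface TEXT);
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT, PRIMARY KEY (sid, cid));
"""

def new_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def sensor_db(hostname, sig_names, events):
    """Constructed stand-alone sensor database: every box numbers its ids from 1."""
    db = new_db()
    db.execute("INSERT INTO sensor VALUES (1, ?, 'eth0')", (hostname,))
    db.executemany("INSERT INTO signature VALUES (?, ?)", list(enumerate(sig_names, 1)))
    db.executemany("INSERT INTO event VALUES (1, ?, ?, ?)", events)
    return db

def lookup_or_add(db, select_sql, insert_sql, key):
    """Return the central id for a natural key, inserting the row if it is new."""
    row = db.execute(select_sql, key).fetchone()
    return row[0] if row else db.execute(insert_sql, key).lastrowid

def merge(central, source):
    """Copy one sensor DB into central, remapping local sid and sig_id; a repeated pull is harmless."""
    sid_map = {sid: lookup_or_add(central, "SELECT sid FROM sensor WHERE hostname=? AND interface=?",
                                  "INSERT INTO sensor (hostname, interface) VALUES (?, ?)", (host, iface))
               for sid, host, iface in source.execute("SELECT sid, hostname, interface FROM sensor")}
    sig_map = {sig: lookup_or_add(central, "SELECT sig_id FROM signature WHERE sig_name=?",
                                  "INSERT INTO signature (sig_name) VALUES (?)", (name,))
               for sig, name in source.execute("SELECT sig_id, sig_name FROM signature")}
    rows = [(sid_map[s], c, sig_map[g], t) for s, c, g, t in
            source.execute("SELECT sid, cid, signature, timestamp FROM event")]
    central.executemany("INSERT OR IGNORE INTO event VALUES (?, ?, ?, ?)", rows)
    central.commit()

def demo():
    central = new_db()
    a = sensor_db("ids-a", ["ICMP PING", "SCAN nmap"], [(1, 1, "2002-12-01"), (2, 2, "2002-12-01")])
    b = sensor_db("ids-b", ["SCAN nmap"], [(1, 1, "2002-12-02")])  # local sig_id 1 differs from ids-a
    for src in (a, b, b):  # b twice: re-running the monthly pull adds nothing
        merge(central, src)
    return central.execute(
        "SELECT s.hostname, e.cid, g.sig_name FROM event e JOIN sensor s ON s.sid = e.sid "
        "JOIN signature g ON g.sig_id = e.signature ORDER BY s.hostname, e.cid").fetchall()
```

A full Snort database also keeps per-event packet tables keyed by (sid, cid); those rows would need the same sid remap.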



