[Snort-users] Any HOWTO for merging separate snort IDS's into central DB?

Cloppert, Michael Michael.Cloppert at ...5884...
Tue Dec 24 08:43:02 EST 2002


> I am managing snort systems in Sweden, East and West Coast 
> USA and New 
> Zealand. Try centralizing that without running the risk of 
> DoSing your 
> WAN links...

For me it's a matter of redundancy.  I keep data on the sensors in case some
piece of network hardware takes a dump between my sensor and my central
database.  Also, if for some reason disaster befell my backend database, I
could only restore from tape to the most recent backup (the night before,
presumably).  I could rebuild ALL data in this case by simply re-importing
the events.

Mike




More information about the Snort-users mailing list