[Snort-users] Multiple Interfaces with mysql & acid

Guillaume guillaume at ...4029...
Tue Feb 12 02:55:03 EST 2002


In his previous message Steven Williams wrote:

> My next challenge is to load up multiple interfaces on this server for
> various networks.
>
> I know I have to write multiple services with each having the different
> interface id's, but do I log this to the same mysql database or do I
> create a new database for each interface or instance and customise an
> acid report for each?

Hi.

You can (should?) use the same DB to log all your sensors' alerts. I use
to do that, it works fine. You can also set up a special name for each of
your snort instances that will be used in the DB to identify each sensor. By
default, it will be printed out like "ip_address_or_sensor_hostname:nic_id"
in the DB.

You can specify an id name for your sensor by adding the parameter
sensor_name in your snort.conf file:

output database: log, mysql, dbname=snort user=jed host=localhost password=xyz sensor_name=lan_sensor

Regards,

Guillaume
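
Added example, not part of the original message and not Snort project code: a small check that reads the "output database:" line of several per-interface snort.conf files and reports instances that log to the shared database without an explicit sensor_name, or that reuse a name another instance already has. The file names and sample contents are constructed, and treating a reused name as a finding is this example's own policy.

```python
import re

# Constructed sample configs for three snort instances (not from the original post).
SAMPLE_CONFIGS = {
    "snort-eth0.conf": "output database: log, mysql, dbname=snort user=jed host=localhost password=xyz sensor_name=lan_sensor\n",
    "snort-eth1.conf": "# second instance\noutput database: log, mysql, dbname=snort user=jed host=localhost password=xyz sensor_name=lan_sensor\n",
    "snort-eth2.conf": "output database: log, mysql, dbname=snort user=jed host=localhost password=xyz\n",
}

# output database: <log|alert>, <db type>, <key=value parameters>
OUTPUT_RE = re.compile(r"^\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$")

def parse_database_outputs(text):
    """Return one dict of key=value parameters per 'output database:' line."""
    outputs = []
    for line in text.splitlines():
        m = OUTPUT_RE.match(line)  # comment lines start with '#' and do not match
        if not m:
            continue
        params = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
        params["_facility"], params["_dbtype"] = m.group(1), m.group(2)
        outputs.append(params)
    return outputs

def check_sensor_names(configs):
    """Flag instances sharing a database without a unique explicit sensor_name."""
    findings, seen = [], {}
    for path in sorted(configs):
        for out in parse_database_outputs(configs[path]):
            db = (out.get("host", ""), out.get("dbname", ""))
            name = out.get("sensor_name")
            if name is None:
                findings.append((path, "no sensor_name; default host:interface label is used"))
            elif (db, name) in seen:
                findings.append((path, f"sensor_name '{name}' already used by {seen[(db, name)]}"))
            else:
                seen[(db, name)] = path
    return findings

if __name__ == "__main__":
    for path, problem in check_sensor_names(SAMPLE_CONFIGS):
        print(f"{path}: {problem}")
```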
