[Snort-users] Multiple Interfaces with mysql & acid
guillaume at ...4029...
Tue Feb 12 02:55:03 EST 2002
In his previous message, Steven Williams wrote:
> My next challenge is to load up multiple interfaces on this server for
> various networks.
> I know I have to write multiple services with each having the different
> interface id's, but do I log this to the same mysql database or do I
> create a new database for each interface or instance and customise a
> acid report for each?
You can (should?) use the same DB to log all your sensors' alerts. I usually
do that, and it works fine. You can also set up a special name for each of
your snort instances that will be used in the DB to identify each sensor. By
default, it will be printed out like "ip_address_or_sensor_hostname:nic_id"
in the DB.
You can specify an id name for your sensor by adding the parameter
sensor_name in your snort.conf file:
output database: log, mysql, dbname=snort user=jed host=localhost
[ Sent with SquirrelMail - http://www.squirrelmail.org ]
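An added example, not part of the original message: a shell helper that derives one snort.conf per interface from a shared base file by setting sensor_name on the "output database:" line, so every instance logs to the same database under its own name. The function name, interface names, sensor names and file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one config per Snort instance, same MySQL database,
# distinct sensor_name. All names and paths below are constructed samples.

# make_sensor_conf BASE_CONF SENSOR_NAME OUT_CONF
# Copies BASE_CONF to OUT_CONF and sets sensor_name=SENSOR_NAME on every
# "output database:" line, replacing an existing sensor_name if present.
make_sensor_conf() {
    base=$1 name=$2 out=$3
    # Restrict the name to a safe character set so it cannot alter the
    # sed expression or the config syntax.
    case $name in
        ''|*[!A-Za-z0-9_.-]*) echo "bad sensor name: $name" >&2; return 1 ;;
    esac
    sed -e '/^[[:space:]]*output[[:space:]]\{1,\}database:/{' \
        -e 's/[[:space:]]\{1,\}sensor_name=[^[:space:]]*//' \
        -e "s/[[:space:]]*\$/ sensor_name=$name/" \
        -e '}' "$base" > "$out"
}

# Demo with a constructed base config; the database line is the one
# quoted in the message above.
demo_dir=$(mktemp -d)
printf '%s\n' \
    'output database: log, mysql, dbname=snort user=jed host=localhost' \
    > "$demo_dir/snort.conf"
make_sensor_conf "$demo_dir/snort.conf" lan-eth0 "$demo_dir/snort-eth0.conf"
make_sensor_conf "$demo_dir/snort.conf" dmz-eth1 "$demo_dir/snort-eth1.conf"
cat "$demo_dir/snort-eth0.conf" "$demo_dir/snort-eth1.conf"
rm -rf "$demo_dir"

# Each instance is then started on its own interface with its own config:
#   snort -D -i eth0 -c snort-eth0.conf
#   snort -D -i eth1 -c snort-eth1.conf
```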