[Snort-users] Snort and ACID on separate systems?

Erek Adams erek at ...577...
Tue Jun 18 14:48:09 EDT 2002


On Tue, 18 Jun 2002, Djinn D'Angel wrote:

> I have been running Snort in my environment for quite some time and using
> Snortsnarf as a psudo-reporting mechanism. I want to move to using ACID for
> reports and database storage of alerts, but I also want to be able to have
> Snort and ACID running on separate systems. I have not been able to find
> any good documentation on implementing Snort and ACID in this way. Can
> someone make a suggestion where I might look?

Actaully, it's very simple.

On the DB output line, just change 'localhost' or 127.0.0.1 into the machine
you've got MySQL on.  Make sure that snortuser at ...6131... has
access to the tables.  That's about it--IIRC.  :)  Just don't put your MySQL
box in the DMZ.  ;-)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list