[Snort-users] 3 Snort, 1 MySQL

Jason Gauthier jgauthier at ...6155...
Fri Jun 28 09:47:08 EDT 2002


Actually, I change my plan :)

This will take testing to make sure my machine can handle the load.
But I'm planning on putting a machine with 3 NICs in it.
2 of them unaddressed. One on the DMZ and one outside. 
the last, addressed, inside.

And hoping that I can make all 3 snorts instances log to mysql in an
organized fashion.
(Database per instance? tables are based on interface?)

Any recommandation on how that works are welcome.

>-----Original Message-----
>From: Beno Chapman [mailto:beno_chapman at ...6122...]
>Sent: Friday, June 28, 2002 9:58 AM
>To: Snort at Sourcefourge
>Subject: Re: [Snort-users] 3 Snort, 1 MySQL
>
>
>Olah,
>
>I'm currently setting something like this up.  My question is 
>why did you
>decide to place the MySQL backend 'inside'?  I've been thinking about
>placing it inside my DMZ so I can securely access from outside 
>(while at
>home).  Plus the way our DMZ is set it's harder for traffic to 
>crawl into
>the LAN than it is for traffic to crawl into the DMZ from the LAN.
>
>Late,
>Beno Chapman
>
>
>On 6/26/02 9:22 AM, "Jason Gauthier" <jgauthier at ...6155...> wrote:
>
>> Greetings-
>> 
>> I'm interested in using MySQL as the logging back end.  My 
>plan involved 3
>> snort systems: Inside, Outide, and DMZ. (Pretty normal 
>stuff).  I would like
>> on box on the inside of my network to host MySQL.
>> My intention is to use the SSL capabilities of MySQL, to secure the
>> connection from the DMZ and the Outide snort servers.
>> 
>> Is this possible, and are there any cavaets I should consider?
>> 
>> Thanks,
>> 
>> Jason
>> 
>> 
>> -------------------------------------------------------
>> This sf.net email is sponsored by: Jabber Inc.
>> Don't miss the IM event of the season | Special offer for 
>OSDN members!
>> JabConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by:ThinkGeek
>Caffeinated soap. No kidding.
>http://thinkgeek.com/sf
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>




More information about the Snort-users mailing list