[Snort-users] Snort and ACID (multiple sensors)

Michael Steele michaels at ...155...
Thu Mar 21 08:12:06 EST 2002


Rohit,

 

You will need to have snort log to one centralized database, then use
Acid to read from that one database.

 

Change the output database line in snort.conf to reflect the location of
your ONE database and change the user name. Then add that user to MySQL
with the approperate permissions. Make sure you have a secure path for
the remote sensor to connect to the MySQL database.

- Michael

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Rohit Raju
Sent: Thursday, March 21, 2002 6:18 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort and ACID (multiple sensors)

 

Hi,

 

      I have Snort running at the entry points into my Co.'s two
geographically separated intranets...both logging into their respective
MySQL databases. I use ACID to monitor the alerts. My question is, can i
monitor both those sensors using a single ACID interface? 

      ...in other words, how do i add another sensor to my ACID console?

 

                                                   Regards,

                                                   Rohit Raju, CISSP.

                                                   Network Security
Engineer,

                                                   Peak XV Networks,
Inc.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020321/49e9b729/attachment.html>


More information about the Snort-users mailing list