[Snort-users] Multiple Snort sensors
scott.nursten at ...5383...
Tue Mar 26 23:54:33 EST 2002

This will work fine AFAIK. I only see references to fopen() in log.c, so I'm
pretty sure this will work...!

I would, however, recommend using a db for snort to log to, i.e. MySQL
(http://www.mysql.com), Postgres (http://www.postgresql.org) etc. That way,
you can have as many sensors as you want log into a central place and still
do event correlation, per sensor reports etc. using tools in existence,
i.e. ACID (http://www.cert.org/kb/aircert/), and also log firewall logs into the
same DB with logsnorter (http://www.snort.org).

On 25/3/02 12:53 pm, "FGALAN" <FGALAN at ...5188...> wrote:
> Hello everyone.
> I would like to know if it is possible to have multiple Snort sensors
> running simultaneously in different hosts outputting logs to
> the same place or if it is not possible due to some concurrence
> I mean,
> snort -l log [...] in host1
> snort -l log [...] in host2
> snort -l log [...] in host3
> where log is a shared directory (via NFS, for example).
> Thanks in advance.
> Fermin Galan
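
An added example, not part of the original post and not Snort's own database schema: a simplified central event table showing how per-sensor reports and cross-sensor correlation become plain queries once every sensor logs to one database. The table, column and function names and the sample rows are assumptions constructed for illustration, with SQLite standing in for MySQL or Postgres.

```python
import sqlite3

# Constructed sample alerts: (sensor, timestamp, source IP, signature label).
SAMPLE_EVENTS = [
    ("host1", "2002-03-25 12:00:01", "192.0.2.10", "ping sweep"),
    ("host2", "2002-03-25 12:00:03", "192.0.2.10", "ping sweep"),
    ("host3", "2002-03-25 12:00:07", "192.0.2.10", "port scan"),
    ("host1", "2002-03-25 12:05:00", "198.51.100.7", "web probe"),
    ("host1", "2002-03-25 12:06:00", "198.51.100.7", "web probe"),
    ("host2", "2002-03-25 12:09:30", "203.0.113.5", "ping sweep"),
]


def build_central_db(events):
    """Create the hypothetical central table and load every sensor's alerts."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE event ("
        " sensor TEXT NOT NULL,"   # which sensor reported the alert
        " ts TEXT NOT NULL,"
        " src_ip TEXT NOT NULL,"
        " signature TEXT NOT NULL)"
    )
    db.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", events)
    return db


def per_sensor_report(db):
    """Alert count per sensor: the 'per sensor report' case."""
    return db.execute(
        "SELECT sensor, COUNT(*) FROM event GROUP BY sensor ORDER BY sensor"
    ).fetchall()


def cross_sensor_sources(db, min_sensors=2):
    """Sources seen by at least min_sensors distinct sensors: simple correlation."""
    return db.execute(
        "SELECT src_ip, COUNT(DISTINCT sensor), COUNT(*) FROM event"
        " GROUP BY src_ip HAVING COUNT(DISTINCT sensor) >= ?"
        " ORDER BY COUNT(DISTINCT sensor) DESC, src_ip",
        (min_sensors,),
    ).fetchall()


if __name__ == "__main__":
    db = build_central_db(SAMPLE_EVENTS)
    print("alerts per sensor:", per_sensor_report(db))
    print("sources seen by 2+ sensors:", cross_sensor_sources(db))
```

Because every row carries the name of the sensor that wrote it, the sensors never contend for a shared log file and the reports need no merging step.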