[Snort-users] Multiple Snort sensors

Scott Nursten scott.nursten at ...5383...
Tue Mar 26 23:54:33 EST 2002


Hi Fermin, 

This will work fine AFAIK. I only see references to fopen() in log.c, so I'm
pretty sure this will work...!

I would, however, recommend using a DB for snort to log to, i.e. MySQL
(http://www.mysql.com), Postgres (http://www.postgresql.org) etc. That way,
you can have as many sensors as you want log into a central place and still
do event correlation, per-sensor reports etc. using tools in existence -
i.e. ACID (http://www.cert.org/kb/aircert/) - and also log firewall logs into
the same DB with logsnorter (http://www.snort.org).


Regards,

Scott 



On 25/3/02 12:53 pm, "FGALAN" <FGALAN at ...5188...> wrote:

> Hello everyone.
> 
> I would like to know if it is possible to have multiple Snort sensors
> running simultaneously on different hosts outputting logs to
> the same place, or if it is not possible due to some concurrency
> problems.
> 
> I mean,
> 
> snort -l log [...] in host1
> snort -l log [...] in host2
> snort -l log [...] in host3
> 
> where log is a shared directory (via NFS, for example).
> 
> Thanks in advance.
> 
> ------------
> Fermin Galan
> 
> 
> 
> 
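
The central-database setup recommended in the reply, as an added example that is not part of the original thread: each sensor's snort.conf uses Snort's database output plugin with its own sensor_name, so events from all hosts land in one database but stay attributable per sensor. The database host, database name, account and password are placeholders, and each snort binary is assumed to be built with MySQL support.

```conf
# snort.conf on host1 (added example; host, dbname, user and password are placeholders)
# Replaces logging to a shared NFS directory with logging to one central MySQL database.
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=db.example.org sensor_name=host1

# snort.conf on host2: same database, distinct sensor_name
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=db.example.org sensor_name=host2

# snort.conf on host3: same database, distinct sensor_name
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=db.example.org sensor_name=host3
```

Giving each sensor its own database account, limited to inserting events, keeps one compromised sensor from reading or altering what the others have logged.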




