[Snort-users] Snort + Demarc Remote logging?

diwelf diwelf at ...5839...
Mon May 13 07:37:07 EDT 2002


Hi,
I'm sure this is probably a really stupid question, But I just couldn't 
find my answer anywhere on google or in mailing lists. So, here goes.

What i'm trying to do is the following:

----> internet --> Openbsd (gateway/nat/snort) ->> switch ->> internal

What i'm trying to do, is get snort running on the openbsd box, then 
sending the logs it creates to a mysql server on my windows box, inside 
the network. I'm trying to monitor all the attempts on my firewall. I 
have mysql, apache +ssl, demarc installed on the windows box. Now, my 
question is, is this possible without running two copies of demarc? (one 
on the router, one on the windows box?). The logs seem to be getting 
sent to the database, i'm just unsure as to how to setup demarc to read 
them properly i guess. I've been trying for three days straight and i 
just can't figure this out. Or, is there a better solution? Thanks.

Matt
diwelf at ...5840...








More information about the Snort-users mailing list