[Snort-users] Snort + Demarc Remote logging?
diwelf at ...5839...
Mon May 13 07:37:07 EDT 2002
I'm sure this is probably a really stupid question, But I just couldn't
find my answer anywhere on google or in mailing lists. So, here goes.
What i'm trying to do is the following:
----> internet --> Openbsd (gateway/nat/snort) ->> switch ->> internal
What i'm trying to do, is get snort running on the openbsd box, then
sending the logs it creates to a mysql server on my windows box, inside
the network. I'm trying to monitor all the attempts on my firewall. I
have mysql, apache +ssl, demarc installed on the windows box. Now, my
question is, is this possible without running two copies of demarc? (one
on the router, one on the windows box?). The logs seem to be getting
sent to the database, i'm just unsure as to how to setup demarc to read
them properly i guess. I've been trying for three days straight and i
just can't figure this out. Or, is there a better solution? Thanks.
diwelf at ...5840...
More information about the Snort-users