[Snort-users] OpenSSH question

Skip Carter skip at ...1552...
Fri Nov 22 09:52:06 EST 2002

> trying to log snort alerts to a remote mysql db via openssh.  any ideas on
> the configuration?

To port foward on a port over ssh, use something like the following from the 

 ssh -L XXXX:dbserver.mydomain.com:XXXX dbserver.mydomain.com

where XXXX is the mysql port number.

then on the IDS connect to the database at XXXX on localhost.

The disadavantage of doing it this way is that it requires you to login via 
ssh to the database server from
the IDS.  A more practical approach is to use stunnel (http://www.stunnel.org/ 
) to provide the equiavlent
without the ssh login session.  The stunnel docs provide all the details.

 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip at ...1552...
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940            

More information about the Snort-users mailing list