[Snort-users] Multiple Sensors to 1 DB Server

The infoSphere mgalvin001 at ...3027...
Fri Oct 11 13:21:03 EDT 2002


I have done this on a smaller scale(1 sensor to 1 DB server) before but 
not with a bunch of sensors (more that one (2+) sensors to one(1) DB 
server), I was just wondering if anyone has setup multiple snort senors 
to log to one central DB server running MySQL. Pretty much my question 
is a  few yes' or no's unless there may be an issue,

Does Snort along with MySQL handle this well,

and or are there any potential issues or pitfalls i should be aware of.

Can i just tell the senors to log the central DB server and all will be 
well.

I know how to do the configurations and i have worked out a solution 
for when the connections to the central server may go down while taking 
into account actions to be taken on both the DB server and the sensors 
so that no information gets lost, which I hope to be able to release to 
the community soon. I just need to know if this should work OK or not.

There should not be any issue with having the central DB hold info for 
multiple sensors right? This goes for things like primary keys in the 
DB and all that good stuff.


Thanks a million in advance for any help or advice,

The infoSphere





More information about the Snort-users mailing list