[Snort-users] adding additional sensor to ACID

Ghercoias, Catalin CGhercoias at ...8619...
Fri Apr 4 07:46:16 EST 2003

Look at your snort.eth1.conf file. There should be a line like this below:

output database: log, mysql, user=your_user password=your_password
dbname=your_database host=your_host port=3306 sensor_name=Your_sensor_name

Change the name of the sensor with something else. Once this is done and an
alert will be triggered on the second snort box you should see that in ACID.
You'll be having 2 sensors and alerts will go separately in database
according to the sensor they originated from.

Thank you, 
Catalin Ghercoias 
Web/Security System Administrator 
Office Phone: +(518) 452-1242 Ext.7435 
Fax: (518) 452-4768 
Mail: Catalin Ghercoias <mailto:cghercoias at ...8617...>  
website: http://www.fye.com <http://www.fye.com/>  
The content of this communication is classified as Transworld Entertainment
Confidential and Proprietary Information.The content of this communication
is intended solely for the use of the individual or entity to whom it is
addressed and others authorized to receive it. If you are not the intended
recipient you are hereby notified that any disclosure, copying, distribution
or taking any action in reliance on the contents of this information is
strictly prohibited and may be unlawful. If you have received this
communication in error, please notify us immediately by responding to this
communication then delete it from your system. We appreciate your assistance
in preserving the confidentiality of our correspondence. Thank you.

Message: 9
From: John Hally <JHally at ...5637...>
To: snort-users at lists.sourceforge.net
Cc: acidlab-users at lists.sourceforge.net
Date: Fri, 4 Apr 2003 09:20:00 -0500 
Subject: [Snort-users] adding additional sensor to ACID


I added a second sensor to the network, but can't seem to find any docs
explaining how you add a second sensor to ACID.  I had thought it would just
report automatically, but it doesn't seem to be logging to the DB.  Anyone
run into this?

thanks in advance.

More information about the Snort-users mailing list