[Snort-users] adding additional sensor to ACID

SecurityAdmin at ...7345... SecurityAdmin at ...7345...
Sun Apr 6 17:26:02 EDT 2003


In your snort.conf file on each sensor you need to add the following

sensor_name=asensornameyouwant 

This goes at the end of the line where you define where the snort sensor
logs to (output). Each sensor needs a unique name for the alerts to be
recognizable in acid. Also, sometimes you need to use the IP os the database
machine in that line instead of the FQDN.

For example:

Output database: log, mysql, user=snort password=snort dbname=snort
host=192.168.1.1 sensor_name=Pipe_1


-----Original Message-----
From: sunzi [mailto:sunzi at ...8646...]
Sent: Friday, April 04, 2003 7:58 AM
To: John Hally; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] adding additional sensor to ACID


AFAIK, the sensor won't show up unless an actual alert is logged to the DB.
I'd test the sensor itself with nmap before you dig too deep.

hth,
sunzi
----- Original Message -----
From: "John Hally" <JHally at ...5637...>
To: <snort-users at lists.sourceforge.net>
Cc: <acidlab-users at lists.sourceforge.net>
Sent: Friday, April 04, 2003 9:20 AM
Subject: [Snort-users] adding additional sensor to ACID


>
> Hello,
>
> I added a second sensor to the network, but can't seem to find any docs
> explaining how you add a second sensor to ACID.  I had thought it would
just
> report automatically, but it doesn't seem to be logging to the DB.  Anyone
> run into this?
>
> thanks in advance.
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: ValueWeb:
> Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
> No other company gives more support or power for your dedicated server
> http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list