[Snort-users] Import 1 snortdb into another for "1 place monitoring"

Michael Steele michaels at ...9077...
Mon Dec 15 09:52:12 EST 2003


Just place another mysql output database line in snort.conf of the sending
sensor directing alerts to the receiving sensor (log to both at the same
time). You will also need to set the appropriate variables in the new output
database line to access the database on the receiving sensor. You can also
use sensor_name=xxxx at the end of that new output database line to
distinguish in ACID which sensor the alert came from. Don't forget to
restart Snort.

You could also use the existing output database line and change all the
variables to direct it to the remote MySQL database. If you do that, you can
shut down your Webserver (if all you're using it for is ACID), and
MySQL, and save some resources. You can also use sensor_name=xxxx at the end
of that new output database line to distinguish in ACID which sensor the
alert came from. Don't forget to restart Snort.

Kindest regards,

The WINSNORT.com Management Team
--
Pick up your FREE Windows or UNIX Snort installation guides      
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

________________________________________
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of STEPHEN W.
COREY - 5535
Sent: Monday, December 15, 2003 8:13 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Import 1 snortdb into another for "1 place
monitoring"

I've got 2 snort boxes (Linux, MySQL), one on each side of my firewall. Can
I export all the data from one and import it into the other (On a nightly
basis)? I want to be able to see all my sensors in one ACID console.
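
An added example, not part of the original posts or of Snort itself: a small Python check that parses the `output database` lines in a sending sensor's snort.conf and confirms that one points at the receiving sensor's MySQL host and carries a `sensor_name`, as the reply above describes. The sample configuration, host addresses, credentials and sensor name are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed snort.conf fragment for the sending sensor. Hosts, credentials
# and the sensor name are placeholders, not values from the original post.
SAMPLE_CONF = """\
# existing line: log to the local MySQL database
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost sensor_name=outside-fw
# added line: log the same events to the receiving sensor's database
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=192.0.2.10 sensor_name=outside-fw
#output database: alert, mysql, user=old dbname=snort host=192.0.2.99
"""

# Snort 2.x form: output database: <log|alert>, <dbtype>, key=value ...
# A commented-out line never matches because of its leading '#'.
LINE_RE = re.compile(r"^\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,\s*(.*)$")

def parse_db_outputs(conf_text):
    """Return one dict per active 'output database' line."""
    outputs = []
    for raw in conf_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        params = dict(p.split("=", 1) for p in m.group(3).split() if "=" in p)
        outputs.append({"facility": m.group(1), "dbtype": m.group(2), **params})
    return outputs

def check_central_logging(conf_text, central_host):
    """List problems that would keep this sensor from showing up distinctly in ACID."""
    problems = []
    remote = [o for o in parse_db_outputs(conf_text) if o.get("host") == central_host]
    if not remote:
        problems.append(f"no output database line points at {central_host}")
    for o in remote:
        if not o.get("sensor_name"):
            problems.append(f"line for {central_host} has no sensor_name")
    return problems

if __name__ == "__main__":
    for o in parse_db_outputs(SAMPLE_CONF):
        print(o["facility"], o["dbtype"], o.get("host"), o.get("sensor_name"))
    print(check_central_logging(SAMPLE_CONF, "192.0.2.10") or "central logging configured")
```
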