[Snort-users] SnortCenter and existing init s

larc larc at ...1187...
Fri Jan 31 14:13:02 EST 2003


Hi,

It's best that you don't change snortcenter but change your init script.
Change your script to something like this.

cmd_line=`cat "/etc/snort/snort_cmd_line.eth0"`
snort -D -i eth0 $cmd_line

If you start snort like this with your init script, you still have the same snort settings and you will also be able to encrypt the MySQL traffic.
When you use the management console to stop or restart snort, the ssh tunnel will still be active.

Hope this helps,
Stefan

------------------------
 "McGuire, Dennis" <dmcguire at ...8127...> wrote:
------------------------
>All, I have an existing distributed IDS infrastructure (snort
>1.8.7/ACID/MySQL) that I am now trying to manage using SnortCenter.  I have
>existing customized init scripts on the sensors that I want to have
>SnortCenter use - this is because I forward port 3306 over ssh for traffic
>back to the centralized snort db, and the up/down of the tunnel is done
>within the init script for snort.
>
>It seems that SnortCenter doesn't use the init scripts on the sensor, at
>least from observation and reading sensor.php and index.cgi.  Has anyone
>customized SnortCenter to use existing init scripts, or am I on my own?
>
>Thanks,
>Dennis
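
Added example, not part of the original thread and not SnortCenter's own code: an init-script sketch along the lines of the reply above. It keeps the ssh tunnel for port 3306 under the init script's control and starts snort from the stored command-line file only after checking that the file is not writable by group or others. DB_HOST, TUNNEL_USER and DRY_RUN are assumed names.

```shell
#!/bin/sh
# Added example: sensor init script sketch. DB_HOST, TUNNEL_USER and DRY_RUN
# are assumptions; the command-line file path is the one given in the reply.
IFACE=eth0
CMD_FILE="/etc/snort/snort_cmd_line.$IFACE"
DB_HOST=db.example.net        # hypothetical central MySQL host
TUNNEL_USER=snorttunnel       # hypothetical unprivileged ssh account
FWD="3306:127.0.0.1:3306"

# With DRY_RUN set, print the command instead of executing it.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# Print the stored options. Refuse a file that is missing, is a symlink, or is
# writable by group/others: its contents become arguments to a root process.
read_cmd_line() {
    [ -f "$1" ] && [ ! -L "$1" ] || { echo "missing or not a regular file: $1" >&2; return 1; }
    if [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "refusing group/world-writable $1" >&2; return 1
    fi
    cat "$1"
}

tunnel_running() { pgrep -f "ssh .*-L $FWD" >/dev/null 2>&1; }

# Bring the tunnel up only if it is not already there, so stopping or
# restarting snort from the management console never touches it.
tunnel_up() {
    tunnel_running && return 0
    run ssh -f -N -o ExitOnForwardFailure=yes -L "$FWD" "$TUNNEL_USER@$DB_HOST"
}

start_snort() {
    cmd_line=$(read_cmd_line "$CMD_FILE") || return 1
    # Unquoted on purpose: the file holds several options to be word-split.
    run snort -D -i "$IFACE" $cmd_line
}

start() { tunnel_up && start_snort; }
stop()  { run pkill -x snort; run pkill -f "ssh .*-L $FWD"; }

case "${1:-}" in
    start)   start ;;
    stop)    stop ;;
    restart) stop; start ;;
esac
```

Running it with DRY_RUN=1 prints the ssh and snort commands without executing them, which makes it possible to review what the init script would run as root before it is installed.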





