[Snort-users] snort-mysql, logging on TWO sql servers

Michel Christophe tofm2 at ...1855...
Sat Nov 29 09:49:02 EST 2003


Hello

	I run snort on two separate networks linked over VPN. Snort logging to
each sql server taken separately works fine, and so does the VPN.

	For security reasons, I would like to mirror the logging of one snort
sensor to both sql servers.

Versions are as follows:

[cm at ...10652... cm]$ rpm -qa | grep snort
snort-mysql-2.0.1-3mdk
snort-2.0.1-3mdk

[cm at ...10652... cm]$ rpm -qa | grep SQL
MySQL-common-4.0.15-1mdk
MySQL-client-4.0.15-1mdk
MySQL-4.0.15-1mdk

On the first machine (let us call it MACHINE-A) I have the following
snort database logging config:

output database: log, mysql, user=XXXXX password=YYYYY dbname=snort host=localhost encoding=hex detail=full

(This machine hosts both snort AND the mysql server.)

And I would like this machine to ALSO sql-log on the second sql server
(let us call it MACHINE-B). MACHINE-B is located over the VPN, but I
think the VPN in itself is not a problem.

Before I run into big headaches, I would like to ask this list first if
such dual logging is possible?

Then, if this is possible (which I hope), could you enlighten me on how
I should fiddle with snort's config file:

Should I add a second snort database logging config line as
follows:

output database: log, mysql, user=XXXXX password=YYYYY dbname=snort host=MACHINE-B encoding=hex detail=full

or sum'thin' like this:

output database: log, mysql, user=XXXXX password=YYYYY dbname=snort host=localhost, MACHINE-B encoding=hex detail=full

Thanks for light

-- 
Michel Christophe <tofm2 at ...1855...>