[Snort-users] remote sensor config

Zondlo, Zack ZZondlo at ...11597...
Wed Apr 7 15:06:02 EDT 2004


hello all,
 
i am trying to get my remote sensor to report to my management server, so far with no luck. the management server is up with acid and snortcenter and running fine, with snort running and reporting fine as well. mysql client and snortcenter client are on the sensor; snortcenter works fine, i can stop and start the sensor from the management box, push rules etc . i have tried the following versions of the output line in snort.conf on the sensor server:
 
output database: alert, mysql, host=127.0.0.1 dbname=snort user=my_username password=my_password sensor_name=sensor, encoding ascii
 
output database: alert, mysql, host=10.100.1.240 dbname=snort user=my_username password=my_password sensor_name=sensor, encoding ascii
 
with the second one the sensor and the management server have a conversation of 10 packets going to port 3306 on the management server, which is correct. when snort starts, then nothing. the first config gets me nothing at all. snortcenter talks all the time on port 2525.
 
the documentation i've read says to use the first line listed. if this is correct, then how do i get the sensor to know where management is? basically, i guess, how do i get this to work?
 
thanks in advance,
zack
 
 


More information about the Snort-users mailing list