[Snort-users] database output plugin sensor_name parameter and ACID strangeness
Adam.Muntner at ...11727...
Tue Apr 27 17:35:59 EDT 2004
I've been doing some experimenting using multiple sensors and a single
console box, and have noticed the following behavior:
Even if I set sensor_name in the output plugin list, it is not set in
the list of sensors... rather, it will say "0.0.0.0:ce1" (the interface
does not have an IP address and it is a gigabit nic interface named ce1)
If I go into the "sensor" table in the snort database, I can change the
hostname field to whatever I like. That works until I restart the
sensor... Unfortunately, it's only persistent until I restart the Snort
sensor. Then, a new interface is added to the list named "0.0.0.0:ce1"
and all the events end up attached to that sensor id.
Some advice would be appreciated!
My output line looks like:
output database: alert, mysql, dbname=snort, sensor_name=test_ce0
user=snort password=foo host=10.99.99.99
Adam Muntner, CISSP