[Snort-users] database output plugin sensor_name parameter and ACID strangeness

Muntner, Adam Adam.Muntner at ...11727...
Tue Apr 27 17:35:59 EDT 2004

I've been doing some experimenting using multiple senors and a single
console box, and have noticed the following behavior
Even if I set sensor_name in the output plugin list, it is not set in
the list of sensors... rather, it will say "" (the interface
does not have an IP address and it is a gigabit nic interface named ce1)
If I go into the "sensor" table in the snort database, I can change the
hostname field to whatever I like.  That works until I restart the
sensor... Unfortunately, it's only persistent until I restart the Snort
sensor.  Then, a new interface is added to the list named ""
and all the events end up attached to that sensor id.
Some advice would be appreciated!
My output line looks like:
output database: alert, mysql, dbname=snort, sensor_name=test_ce0
user=snort password=foo host=

Adam Muntner, CISSP 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040427/b9b7ced8/attachment.html>

More information about the Snort-users mailing list