[Snort-users] database output plugin sensor_name parameter and ACID strangeness

Muntner, Adam Adam.Muntner at ...11727...
Tue Apr 27 17:35:59 EDT 2004


I've been doing some experimenting using multiple sensors and a single
console box, and have noticed the following behavior:
 
Even if I set sensor_name in the output plugin list, it is not set in
the list of sensors... rather, it will say "0.0.0.0:ce1" (the interface
does not have an IP address and it is a gigabit NIC interface named ce1)
 
If I go into the "sensor" table in the snort database, I can change the
hostname field to whatever I like.  That works until I restart the
sensor... Unfortunately, it's only persistent until I restart the Snort
sensor.  Then, a new interface is added to the list named "0.0.0.0:ce1"
and all the events end up attached to that sensor id.
 
Some advice would be appreciated!
 
My output line looks like:
output database: alert, mysql, dbname=snort, sensor_name=test_ce0
user=snort password=foo host=10.99.99.99


Adam Muntner, CISSP 


 