[Snort-users] Creating sensors and distributed IDS

James Riden j.riden at ...11179...
Wed Nov 10 10:15:08 EST 2004


"Смородникова Е.В." <jane at ...12652...> writes:

>    Hi, I'm a newbie in using Snort. Could you please give me some info
>    about how to create several Snort sensors and manage them with ACID.
>    (not about ACID, I have already installed it). As I think, I will need
>    one server, where MySQL and ACID work and I need info about how to make
>    Snort on different machines send all data to the centralized mysql
>    base.

Just have all the snort.conf's log as follows:

output database: log, postgresql, user=snort_db_user \
 dbname=snort host=my-database-backend.mydomain

So output from all sensors is going to a central database. You may
need to tweak the database config and permissions in this case, to
allow remote access - I think you do need to with postgresql at least.

What errors are you seeing? 

cheers,
 Jamie
-- 
James Riden / j.riden at ...11179... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
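
An added example, not part of the original message: a small Python check for the PostgreSQL remote-access change mentioned in the reply. It audits pg_hba.conf rules on the central database host so that only individual sensors can reach the snort database as snort_db_user. The sample file, the sensor addresses (192.0.2.x) and the function name audit_pg_hba are assumptions constructed for illustration, and only the CIDR address form is handled.

```python
import ipaddress

# Constructed sample pg_hba.conf for the central database host. Database and
# user names come from the reply; sensor addresses are documentation-range
# placeholders (assumptions).
SAMPLE_PG_HBA = """\
# TYPE   DATABASE  USER           ADDRESS          METHOD
local    all       postgres                        peer
hostssl  snort     snort_db_user  192.0.2.11/32    md5
hostssl  snort     snort_db_user  192.0.2.12/32    md5
host     all       all            0.0.0.0/0        trust
host     snort     snort_db_user  192.0.2.0/24     md5
"""

def audit_pg_hba(text, max_hosts=1):
    """Return (line_no, problem) pairs for remote-access rules that are
    broader than one sensor logging to one database needs."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # blank, comment, local socket, or not the CIDR form
        rtype, db, user, addr, method = fields[:5]
        try:
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            findings.append((no, "address is not a CIDR range: " + addr))
            continue
        if method == "trust":
            findings.append((no, "trust lets the peer connect without a password"))
        if db == "all" or user == "all":
            findings.append((no, "rule is not limited to the Snort database and user"))
        if net.num_addresses > max_hosts:
            findings.append((no, "range %s covers more than one sensor" % net))
        if rtype != "hostssl":
            findings.append((no, "rule permits unencrypted connections"))
    return findings

if __name__ == "__main__":
    for no, problem in audit_pg_hba(SAMPLE_PG_HBA):
        print("line %d: %s" % (no, problem))
```

In the sample, the two per-sensor hostssl rules pass and the two broader host rules are reported.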




