[Snort-users] Have Snort on our master log server
jasonb at ...1935...
Sat Dec 24 06:16:00 EST 2005
Jacob Friis Saxberg wrote:
>>can have multiple snort instances logging to a central server though.
> How do I do that?
Check out the setup guides at http://www.snort.org/docs/ for your platform
In general the guides cover setting up a system with everything on them
and then there is a section about logging to a central database.
In short it goes like this.
- Configure snort on your sensors to use unified output
- Use barnyard or Flop to send the output to your database
- Point your analysis frontend to this databse.
More information about the Snort-users