[Snort-users] Have Snort on our master log server

Jason Brvenik jasonb at ...1935...
Sat Dec 24 06:16:00 EST 2005


Jacob Friis Saxberg wrote:
>>You
>>can have multiple snort instances logging to a central server though.
> 
> 
> How do I do that?
> 

Check out the setup guides at http://www.snort.org/docs/ for your platform

In general the guides cover setting up a system with everything on them
and then there is a section about logging to a central database.

In short it goes like this.

- Configure snort on your sensors to use unified output
- Use barnyard or Flop to send the output to your database
- Point your analysis frontend to this databse.

> Thanks!
> Jacob
> 




More information about the Snort-users mailing list