[Snort-users] Multiple sensors one database
Atkins, Dwane P
ATKINSD at ...9240...
Tue Apr 12 17:03:19 EDT 2011
We are running two snort devices and attempting to get them both to record to one mysql database.
Created database snort. Assigned permissions to sensor1 at ...15240...<mailto:sensor1 at ...15240...> and sensor2 at ...15241...<mailto:sensor2 at ...15241...>. I installed Snort 220.127.116.11 schema so that databases would all look the same. Yes, I did have a single mysql database on each sensor but was told in that in order to run a particular Application, I would need a single database.
We are using Snort 18.104.22.168 on Ubuntu 10.04.01 LTS. We are using Barnyard2. In the Barnyard2.conf file, we have an entry, "output database: log, mysql, user=snort password=snortpass dbname=snort host=10.10.12.1 sensor_name='sensor1' and have an identical entry for the second sensor.
I have not made any configuration changes the my.cnf. It currently binds to 127.0.0.1 but should I have it bind to the Master
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 10.10.12.1
Is there anywhere else I need to check? Do I need to shutdown mysql on each sensor now?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users