[Snort-users] Multiple sensors one database

Atkins, Dwane P ATKINSD at ...9240...
Tue Apr 12 17:03:19 EDT 2011


Good afternoon,

We are running two snort devices and attempting to get them both to record to one mysql database.

Created database snort.  Assigned permissions to sensor1 at ...15240... and sensor2 at ...15241....  I installed Snort 2.9.0.5 schema so that databases would all look the same. Yes, I did have a single mysql database on each sensor but was told that in order to run a particular application, I would need a single database.

We are using Snort 2.9.0.5 on Ubuntu 10.04.01 LTS.  We are using Barnyard2.  In the Barnyard2.conf file, we have an entry, "output database: log, mysql, user=snort password=snortpass dbname=snort host=10.10.12.1 sensor_name='sensor1'", and have an identical entry for the second sensor.

I have not made any configuration changes to the my.cnf.  It currently binds to 127.0.0.1, but should I have it bind to the Master?

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address            = 10.10.12.1

Is there anywhere else I need to check?  Do I need to shut down mysql on each sensor now?

Thank you

Dwane
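
An added example, not part of the original message and not Snort or Barnyard2 project code: a small consistency check over the settings quoted above. The function names, the sample `my.cnf` text, the assumption that the second sensor's entry is literally identical, and the granted account names (host parts are elided in the archive) are all assumptions.

```python
import ipaddress
import re

def parse_output_database(conf_text):
    """Options of the first 'output database:' line in a barnyard2.conf."""
    for line in conf_text.splitlines():
        if line.strip().startswith("output database:"):
            pairs = re.findall(r"(\w+)=('[^']*'|\S+)", line)
            return {k: v.strip("'") for k, v in pairs}
    return {}

def parse_bind_address(my_cnf_text):
    """Active (uncommented) bind-address in my.cnf, or None if unset."""
    m = re.search(r"^[ \t]*bind-address[ \t]*=[ \t]*(\S+)", my_cnf_text, re.M)
    return m.group(1) if m else None

def is_loopback(addr):
    try:
        return addr == "localhost" or ipaddress.ip_address(addr).is_loopback
    except ValueError:          # a hostname we cannot classify offline
        return False

def check(sensor_confs, my_cnf_text, granted_users):
    """Return findings for {label: barnyard2.conf text} against one my.cnf."""
    findings, names = [], {}
    bind = parse_bind_address(my_cnf_text)
    for label, text in sensor_confs.items():
        opts = parse_output_database(text)
        host, user = opts.get("host", "localhost"), opts.get("user")
        name = opts.get("sensor_name")
        listens = bind in (None, "0.0.0.0", "::", "*") or host == bind \
            or (is_loopback(host) and is_loopback(bind))
        if not listens:
            findings.append(f"{label}: host={host} but mysqld binds to {bind}")
        if user not in granted_users:
            findings.append(f"{label}: user={user} has no matching grant")
        if name and name in names:
            findings.append(f"{label}: sensor_name={name} also used by {names[name]}")
        names.setdefault(name, label)
    return findings

# Constructed sample input, built from the values quoted in the post.
LINE = ("output database: log, mysql, user=snort password=snortpass "
        "dbname=snort host=10.10.12.1 sensor_name='sensor1'")
CONFS = {"sensor1": LINE, "sensor2": LINE}   # assumed literally identical
MY_CNF_NOW = "[mysqld]\nbind-address = 127.0.0.1\n"
GRANTED = ["sensor1", "sensor2"]             # account names only; hosts elided

print("\n".join(check(CONFS, MY_CNF_NOW, GRANTED)))
```
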