[Snort-users] BASE and Snorby running together

Castle, Shane scastle at ...14946...
Wed Feb 22 12:03:03 EST 2012


I'd like to try running BASE and Snorby (using Security Onion platform) together against the same database. I'm thinking that I only have to add the database tables peculiar to BASE:
acid_ag
acid_ag_alert
acid_event
acid_ip_cache
base_roles
base_users

I realize this is probably simplistic and there could be issues, such as deleting alerts in BASE will probably not delete all the alert data in all the tables. If anyone has done this dual setup successfully and has warnings or errors to avoid, I'd like to know.

I might have to modify the BASE code to run successfully this way. Please, no evangelizing of Snorby over BASE; I just like a lot of the features available in BASE that are not there in Snorby (or if they are I can't seem to find them). OTOH there are a lot of BASE issues that drive me nuts and make me wish for an active support group.

And yes, I know this is probably a lost cause. I'd like to try anyway.

-- 
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH




