Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort rules from a database?

From: "Robinson, Ken" <ken.robinson () ccra-adrc gc ca>
Date: Wed, 9 Jan 2002 14:54:31 -0500
Hello,

We now have cool stuff like logging to an SQL database from multiple sensors
and monitoring the results from a web interface like ACID.   

How about storing the Snort rules in an SQL database as well?   Then you
could have all your snort sensors pick up the rules that they need.   You
could put  an identifier column in the database to let the sensors know
which rules are generic and which are specific to a sensor.    Add a web
front end to this, and now you've got a full easy to use package.   You
might want to do something that would provide a local cache of the rules
just in case you were cut off from your database (just like you'd log to a
local filesystem and the database for such a problem).  

Is this a good idea?  

Has anything like this been done?  

Thanks.



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: