Multiple sensors

["Mike Arrison" <arrison () gnostech com>]

Howdy,
        I currently have a single snort box sniffing our network uplink and logging
alerts to a mysql database on the same machine.  I'd like to setup other
sensors on different VLANs in our network but keep alerting somehow
centralized.  Do you suggest that I:

a) Use a remote mysql database connection to send the alerts back to the
original mysql database
b) Is there some built in snort connectivity to gather alerts?
c) Log locally and cron up a mysqldump every hour or so (ewww, this is an
icky idea).

        Things to consider:

a) I'd prefer to keep only one set of rules, rather than different
snort.conf etc... on each sniffer.
b) If necessary, I can directly connect the multiple sniffers with a
crossover cable

        All suggestions welcome.  Thanks.

        -Mike Arrison


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users