Re: Multiple Snort sensors

[Scott Nursten <scott.nursten () quadriga com>]

Hi Fermin, 

This will work fine AFAIK. I only see references to fopen() in log.c, so I'm
pretty sure this will work...!

I would, however, recommend using a db for snort to log to ie. MySQL
(http://www.mysql.com), Postgres (http://www.postgresql.org) etc. That way,
you can have as many sensors as you want log into a central place and still
do event corellation, per sensor reports etc etc using tools in existence -
ie. ACID (http://www.cert.org/kb/aircert/) & also log firewall logs into the
same DB with logsnorter (http://www.snort.org).


Regards,

Scott 



On 25/3/02 12:53 pm, "FGALAN" <FGALAN () teleline es> wrote:

> Hello everyone.
>
> I would like if it is posible to have multiple Snort sensors
> running simultaneously in different hosts outputing logs to
> the same place or if it nos possible due to some concurrence
> problems.
>
> I mean,
>
> snort -l log [...] in host1
> snort -l log [...] in host2
> snort -l log [...] in host3
>
> where log is a shared directory (via NFS, for example).
>
> Thanks in advance.
>
> ------------
> Fermin Galan
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users