Snort mailing list archives
RE: Multiple Sensors to 1 DB Server
From: Kevin Brown <Kevin.M.Brown () asu edu>
Date: Fri, 11 Oct 2002 15:54:37 -0700
It is possible, I have done it with Snort logging to a remote SQL db. That is what the SID field is for (which sensor logged that packet). Just have to make sure that MySQL will allow each of the sensors to log into the same database and have only the minimum of permissions needed to log (insert, select, update).

-----Original Message-----
From: The infoSphere
To: Snort
Sent: 10/11/02 1:20 PM
Subject: [Snort-users] Multiple Sensors to 1 DB Server

I have done this on a smaller scale (1 sensor to 1 DB server) before but not with a bunch of sensors (more than one (2+) sensors to one (1) DB server). I was just wondering if anyone has set up multiple Snort sensors to log to one central DB server running MySQL.

Pretty much my question is a few yes's or no's unless there may be an issue. Does Snort along with MySQL handle this well, and/or are there any potential issues or pitfalls I should be aware of? Can I just tell the sensors to log to the central DB server and all will be well?

I know how to do the configurations and I have worked out a solution for when the connections to the central server may go down while taking into account actions to be taken on both the DB server and the sensors so that no information gets lost, which I hope to be able to release to the community soon. I just need to know if this should work OK or not.

There should not be any issue with having the central DB hold info for multiple sensors, right? This goes for things like primary keys in the DB and all that good stuff.

Thanks a million in advance for any help or advice,

The infoSphere
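
The least-privilege setup described in the reply above, written out as an added example that is not part of the original thread. It assumes a current MySQL server, the stock Snort MySQL schema (its `sensor` and `event` tables) in a database named `snort`, and two sensors; the account names, addresses and passwords are constructed placeholders.

```sql
-- Added example. Database name, account names, addresses and passwords are
-- placeholders. Run as a MySQL administrator on the central DB server.

-- One account per sensor, each accepted only from that sensor's address.
CREATE USER 'snort_s1'@'192.0.2.11' IDENTIFIED BY 'CHANGE_ME_1';
CREATE USER 'snort_s2'@'192.0.2.12' IDENTIFIED BY 'CHANGE_ME_2';

-- Only the privileges named in the reply, limited to the Snort database.
GRANT INSERT, SELECT, UPDATE ON snort.* TO 'snort_s1'@'192.0.2.11';
GRANT INSERT, SELECT, UPDATE ON snort.* TO 'snort_s2'@'192.0.2.12';

-- Confirm nothing broader was granted (no DELETE, DROP, FILE, GRANT OPTION).
SHOW GRANTS FOR 'snort_s1'@'192.0.2.11';
SHOW GRANTS FOR 'snort_s2'@'192.0.2.12';

-- After both sensors have logged: each should have its own row in `sensor`
-- and its own sid on its events. The stock schema keys `event` on (sid, cid),
-- so event counters from different sensors do not collide.
SELECT s.sid,
       s.hostname,
       s.interface,
       COUNT(e.cid)     AS events,
       MAX(e.timestamp) AS last_event
FROM sensor AS s
LEFT JOIN event AS e ON e.sid = s.sid
GROUP BY s.sid, s.hostname, s.interface
ORDER BY s.sid;
```

Separate accounts per sensor mean one sensor's credentials can be revoked or rotated without interrupting logging from the others.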