Snort mailing list archives
RE: adding additional sensor to ACID
From: SecurityAdmin () aspentech com
Date: Sun, 6 Apr 2003 19:24:54 -0500
In your snort.conf file on each sensor you need to add the following:

    sensor_name=asensornameyouwant

This goes at the end of the line where you define where the snort sensor logs to (output). Each sensor needs a unique name for the alerts to be recognizable in ACID. Also, sometimes you need to use the IP of the database machine in that line instead of the FQDN. For example:

    output database: log, mysql, user=snort password=snort dbname=snort host=192.168.1.1 sensor_name=Pipe_1

-----Original Message-----
From: sunzi [mailto:sunzi () mod-x co uk]
Sent: Friday, April 04, 2003 7:58 AM
To: John Hally; snort-users () lists sourceforge net
Subject: Re: [Snort-users] adding additional sensor to ACID

AFAIK, the sensor won't show up unless an actual alert is logged to the DB. I'd test the sensor itself with nmap before you dig too deep.

hth,
sunzi

----- Original Message -----
From: "John Hally" <JHally () epnet com>
To: <snort-users () lists sourceforge net>
Cc: <acidlab-users () lists sourceforge net>
Sent: Friday, April 04, 2003 9:20 AM
Subject: [Snort-users] adding additional sensor to ACID

Hello,

I added a second sensor to the network, but can't seem to find any docs explaining how you add a second sensor to ACID. I had thought it would just report automatically, but it doesn't seem to be logging to the DB. Anyone run into this?

thanks in advance.

-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
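The checks described in the reply above (every sensor has an "output database:" line, each carries a unique sensor_name, and the host is an IP rather than a name) can be run across the snort.conf files of all sensors before looking in ACID. This is an added example, not part of the original emails; the function names, sensor labels and sample configs are constructed for illustration.

```python
import ipaddress
import re

# Snort 2.x database output line: "output database: <type>, <dbms>, key=value ..."
DIRECTIVE = re.compile(r"^\s*output\s+database:\s*\w+\s*,\s*\w+\s*,?\s*(.*)$", re.I)

def parse_db_outputs(conf_text):
    """Return a dict of key=value options for each active 'output database:' line."""
    outputs = []
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)          # commented-out lines start with '#' and never match
        if m:
            outputs.append(dict(p.split("=", 1) for p in m.group(1).split() if "=" in p))
    return outputs

def host_is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_sensors(configs):
    """configs maps a sensor label to its snort.conf text; returns a list of findings."""
    findings, seen = [], {}
    for label, text in configs.items():
        outputs = parse_db_outputs(text)
        if not outputs:
            findings.append(f"{label}: no active 'output database:' line")
        for opts in outputs:
            name = opts.get("sensor_name")
            if name is None:
                findings.append(f"{label}: sensor_name missing")
            elif name in seen:
                findings.append(f"{label}: sensor_name '{name}' already used by {seen[name]}")
            else:
                seen[name] = label
            host = opts.get("host", "")
            if host and not host_is_ip(host):
                findings.append(f"{label}: host '{host}' is a name, not an IP")
    return findings

# Constructed sample configs for three hypothetical sensors.
BASE = "output database: log, mysql, user=snort password=snort dbname=snort "
SAMPLE = {
    "sensor-a": BASE + "host=192.168.1.1 sensor_name=Pipe_1\n",
    "sensor-b": "# " + BASE + "host=192.168.1.1\n" + BASE + "host=db.example.com sensor_name=Pipe_1\n",
    "sensor-c": BASE + "host=192.168.1.1\n",
}

if __name__ == "__main__":
    print("\n".join(audit_sensors(SAMPLE)))
```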
Current thread:
- adding additional sensor to ACID John Hally (Apr 04)
- Re: adding additional sensor to ACID sunzi (Apr 04)
- <Possible follow-ups>
- RE: adding additional sensor to ACID Brei, Matt (Apr 04)
- RE: adding additional sensor to ACID John Hally (Apr 04)
- adding additional sensor to ACID Ghercoias, Catalin (Apr 04)
- RE: adding additional sensor to ACID SecurityAdmin (Apr 06)
- RE: adding additional sensor to ACID Wayne . Freeman (Apr 07)