RE: Multiple Snort sensor with MYSQL and ACID

["Gould, Scott" <sgould () gogstats org>]

I also found I had to manually go into the db and add the extra sensors
with a different SID to the sensor table when I ran a similar setup.  If
you end up using barnyard, just reference the sensor by it's SID in the
sensor table 

I don't run this setup anymore, due to getting up to 7 sensors and the
DB couldn't handle it.   Wasn't getting packet loss, as was using
barnyard, juts DB got slow at around half a million entries.



-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jeff Dell
Sent: Saturday, June 05, 2004 3:46 PM
To: 'Primero'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Multiple Snort sensor with MYSQL and ACID

In the database output module setting add sensor_name=Snort_External.
You
can also check out the following link for all of the database settings:

http://www.snort.org/docs/snort_manual/node20.html

Here is an example:
output database: log, mysql, user=root password=test dbname=db
host=localhost sensor_name=Snort_External

Cheers,

Jeff  

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Primero
Sent: Saturday, June 05, 2004 1:28 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Multiple Snort sensor with MYSQL and ACID

Hi all,

I'm setting Snort for the first time and i have to say ... cool:)

I would like to have 2 sensors on 2 different point of my lan. i was  
wondering how can i make the 2 sensor log to the same Mysql DB and how
to  
differentiate beetween them.
In Acid I see a Column called "Sensor" with the value "1" indicating my

only one Sensor now active.

How can i change this value giving him a more explainy name ? (like  
Snort_External)
Will Acid recognize more Sensors?

Bye

-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/


-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
> From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
> From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
> From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users