Snort mailing list archives

Re: Creating sensors and distributed IDS


From: James Riden <j.riden () massey ac nz>
Date: Thu, 11 Nov 2004 07:14:45 +1300

"Смородникова Е.В." <jane () rkc-nsk ru> writes:

   Hi, I'm a newbie at using Snort. Could you please give me some info
   about how to create several Snort sensors and manage them with ACID
   (not about ACID, I have already installed it). As I think, I will need
   one server, where MySQL and ACID work, and I need info about how to make
   Snort on different machines send all data to the centralized MySQL
   base.

Just have all the snort.conf's log as follows:

output database: log, postgresql, user=snort_db_user \
 dbname=snort host=my-database-backend.mydomain

So output from all sensors is going to a central database. You may
need to tweak the database config and permissions in this case, to
allow remote access - I think you do need to with postgresql at least.

What errors are you seeing? 

cheers,
 Jamie
-- 
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
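
The remote-access tweak mentioned in the reply, sketched as an added example that is not part of the original post and is written in current PostgreSQL syntax. The sensor and server addresses, the sensor_name value and the CHANGE_ME password are constructed placeholders; the database name, user and host name are the ones from the reply.

```conf
# --- pg_hba.conf on my-database-backend.mydomain ---
# One line per sensor: only the snort database, only the snort role,
# only that sensor's address, and a password is required.
# Addresses are constructed (192.0.2.0/24 is a documentation range).
# TYPE  DATABASE  USER           ADDRESS         METHOD
host    snort     snort_db_user  192.0.2.11/32   md5
host    snort     snort_db_user  192.0.2.12/32   md5

# --- postgresql.conf on the same host ---
# Listen on the interface that faces the sensors rather than on
# every address (constructed address).
listen_addresses = '192.0.2.5'

# --- snort.conf on each sensor ---
# Same output line as in the reply, plus the password that the md5
# rule above now demands and a per-sensor name so the events from
# each sensor can be told apart in the central database.
output database: log, postgresql, user=snort_db_user \
 password=CHANGE_ME dbname=snort host=my-database-backend.mydomain \
 sensor_name=sensor-dmz-01
```

Connections from any address without a matching pg_hba.conf line are rejected, so a new sensor needs its own line before it can log.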


