Snort mailing list archives
Re: Have Snort on our master log server
From: Jason Brvenik <jasonb () sourcefire com>
Date: Sat, 24 Dec 2005 09:15:12 -0500
Jacob Friis Saxberg wrote:
You can have multiple snort instances logging to a central server though.How do I do that?
Check out the setup guides at http://www.snort.org/docs/ for your platform In general the guides cover setting up a system with everything on them and then there is a section about logging to a central database. In short it goes like this. - Configure snort on your sensors to use unified output - Use barnyard or Flop to send the output to your database - Point your analysis frontend to this databse.
Thanks! Jacob
------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Have Snort on our master log server Jacob Friis Saxberg (Dec 23)
- Message not available
- Message not available
- Re: Have Snort on our master log server Jason Brvenik (Dec 24)
- Message not available
- Message not available
- Re: Have Snort on our master log server Matt Kettler (Dec 27)