Snort mailing list archives

Queuing MSSQL log data without Barnyard


From: "Burleson, Lee (IA)" <Lee.Burleson () ia ngb army mil>
Date: Mon, 24 Sep 2001 09:54:24 -0500

Just an idea for anyone that is interested; feedback appreciated.

In the absence of Barnyard, I am toying with the following scenario:

*  Central DB: Win2k, MSSQL Standard, with Replication components installed
*  Snort sensor(s): Win2k, MSSQL _Personal_, Snort configured to log to itself

*  The sensors would then be set up to replicate their local Snort DB to the Central DB, in a push-only scenario.
*  All traffic between sensors and Central DB would be secured with IPSec.
*  MSSQL Replication would be handled in a queuing fashion.
*  No more problems with downtime of Central DB, as Sensors are logging to themselves.

- Lee
