Re: Multiple Interfaces with mysql & acid

["Guillaume" <guillaume () anteria fr>]

Dans son précédent message Steven Williams écrivait :

> My next challenge is to load up multiple interfaces on this server for
> various networks.
>
> I know I have to write multiple services with each having the different
> interface id's, but do I log this to the same mysql database or do I
> create a new database for each interface or instance and customise a
> acid report for each?

Hi.

You can (should?) use the same DB to log all your sensors's alerts. I use
to do that, it works fine. You also can set up a special name for each of
you snort instance that will be used in the DB to identify each sensor. By
default, it will be printed out like "ip_address_or_sensor_hostname:nic_id"
on the DB.

You can specify a id name for your sensor by adding the parameter
sensor_name on your snort.conf file :

output database: log, mysql, dbname=snort user=jed host=localhost
password=xyz sensor_name=lan_sensor

Regards,

Guillaume

[ Sent with SquirrelMail -  http://www.squirrelmail.org     ]



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users