Snort mailing list archives

RE: Snort and ACID (multiple sensors)


From: "Michael Steele" <michaels () silicondefense com>
Date: Thu, 21 Mar 2002 08:11:15 -0800

Rohit,

You will need to have snort log to one centralized database, then use
ACID to read from that one database.

Change the output database line in snort.conf to reflect the location of
your ONE database and change the user name. Then add that user to MySQL
with the appropriate permissions. Make sure you have a secure path for
the remote sensor to connect to the MySQL database.

- Michael

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Rohit Raju
Sent: Thursday, March 21, 2002 6:18 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort and ACID (multiple sensors)

 

Hi,

I have Snort running at the entry points into my Co.'s two
geographically separated intranets...both logging into their respective
MySQL databases. I use ACID to monitor the alerts. My question is, can I
monitor both those sensors using a single ACID interface?

...in other words, how do I add another sensor to my ACID console?

Regards,

Rohit Raju, CISSP.
Network Security Engineer,
Peak XV Networks, Inc.
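
The setup described in the reply above, sketched as an added example that is not part of the original messages: one MySQL account per remote sensor on the single central database, with the matching snort.conf output line for each sensor shown in the comments. The database name, account names, host names, addresses and passwords are constructed placeholders, and the "secure path" is assumed to be a site-to-site VPN, so each sensor connects from a fixed tunnel address.

```sql
-- Added example. Every name, address and password here is a constructed
-- placeholder. Assumes the stock Snort schema already exists in database
-- `snort` on the central server and a MySQL version that has CREATE USER.

-- One account per sensor, bound to that sensor's VPN-side source address,
-- so a leaked password is useless from anywhere else and one sensor can be
-- revoked without touching the other.
CREATE USER 'sensor_east'@'192.0.2.10'    IDENTIFIED BY 'CHANGE_ME_east';
CREATE USER 'sensor_west'@'198.51.100.10' IDENTIFIED BY 'CHANGE_ME_west';

-- Sensors write events and read back ids; they never need DELETE, DROP,
-- GRANT or access to any other database.
GRANT INSERT, SELECT ON snort.* TO 'sensor_east'@'192.0.2.10';
GRANT INSERT, SELECT ON snort.* TO 'sensor_west'@'198.51.100.10';

-- Assumption: if the Snort build in use reports a permission error when
-- updating the `sensor` table, add UPDATE on that one table only:
-- GRANT UPDATE ON snort.sensor TO 'sensor_east'@'192.0.2.10';

-- Separate console account for ACID, usable only from the web server
-- (assumed here to run on the database host itself).
-- Assumption: ACID also needs CREATE once, while it sets up its own tables.
CREATE USER 'acid_console'@'localhost' IDENTIFIED BY 'CHANGE_ME_acid';
GRANT SELECT, INSERT, UPDATE, DELETE ON snort.* TO 'acid_console'@'localhost';

-- Matching line in each sensor's snort.conf (db.example.net is the ONE
-- central database; sensor_name keeps the two sensors distinct in ACID):
--
--   east sensor:
--   output database: log, mysql, user=sensor_east password=CHANGE_ME_east dbname=snort host=db.example.net sensor_name=east-gw
--
--   west sensor:
--   output database: log, mysql, user=sensor_west password=CHANGE_ME_west dbname=snort host=db.example.net sensor_name=west-gw

-- Check what each account can actually do before pointing a sensor at it.
SHOW GRANTS FOR 'sensor_east'@'192.0.2.10';
SHOW GRANTS FOR 'sensor_west'@'198.51.100.10';
SHOW GRANTS FOR 'acid_console'@'localhost';
```

Because snort.conf holds the database password in clear text, keep the file readable only by the account Snort runs as.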

 

