Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort and ACID on separate systems?

From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 18 Jun 2002 14:47:24 -0700 (PDT)
On Tue, 18 Jun 2002, Djinn D'Angel wrote:


I have been running Snort in my environment for quite some time and using
Snortsnarf as a psudo-reporting mechanism. I want to move to using ACID for
reports and database storage of alerts, but I also want to be able to have
Snort and ACID running on separate systems. I have not been able to find
any good documentation on implementing Snort and ACID in this way. Can
someone make a suggestion where I might look?


Actaully, it's very simple.

On the DB output line, just change 'localhost' or 127.0.0.1 into the machine
you've got MySQL on.  Make sure that snortuser () sensorname domain com has
access to the tables.  That's about it--IIRC.  :)  Just don't put your MySQL
box in the DMZ.  ;-)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


----------------------------------------------------------------------------
                   Bringing you mounds of caffeinated joy
                   >>>     http://thinkgeek.com/sf    <<<

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: