RE: 3 Snort, 1 MySQL

[Jason Gauthier <jgauthier () lastar com>]

Actually, I change my plan :)

This will take testing to make sure my machine can handle the load.
But I'm planning on putting a machine with 3 NICs in it.
2 of them unaddressed. One on the DMZ and one outside. 
the last, addressed, inside.

And hoping that I can make all 3 snorts instances log to mysql in an
organized fashion.
(Database per instance? tables are based on interface?)

Any recommandation on how that works are welcome.

> -----Original Message-----
> From: Beno Chapman [mailto:beno_chapman () wgbh org]
> Sent: Friday, June 28, 2002 9:58 AM
> To: Snort at Sourcefourge
> Subject: Re: [Snort-users] 3 Snort, 1 MySQL
>
>
> Olah,
>
> I'm currently setting something like this up.  My question is 
> why did you
> decide to place the MySQL backend 'inside'?  I've been thinking about
> placing it inside my DMZ so I can securely access from outside 
> (while at
> home).  Plus the way our DMZ is set it's harder for traffic to 
> crawl into
> the LAN than it is for traffic to crawl into the DMZ from the LAN.
>
> Late,
> Beno Chapman
>
>
> On 6/26/02 9:22 AM, "Jason Gauthier" <jgauthier () lastar com> wrote:
>
> > Greetings-
> >
> > I'm interested in using MySQL as the logging back end.  My 
> plan involved 3
> > snort systems: Inside, Outide, and DMZ. (Pretty normal 
> stuff).  I would like
> > on box on the inside of my network to host MySQL.
> > My intention is to use the SSL capabilities of MySQL, to secure the
> > connection from the DMZ and the Outide snort servers.
> >
> > Is this possible, and are there any cavaets I should consider?
> >
> > Thanks,
> >
> > Jason
> >
> >
> > -------------------------------------------------------
> > This sf.net email is sponsored by: Jabber Inc.
> > Don't miss the IM event of the season | Special offer for 
> OSDN members!
> > JabConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Caffeinated soap. No kidding.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Caffeinated soap. No kidding.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users