Snort mailing list archives

Re: Any HOWTO for merging separate snort IDS's into central DB?


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Sat, 21 Dec 2002 21:24:52 +1300

Benjamin Hippler wrote:

Hi,
I currently have 3 sensors (will become more) for 4 C nets logging into one
central MySQL DB, and it works fine. Why do you still want to write the
logs/entries locally? If you give all your boxes the same MySQL hostname to
write the logs, you don't have to merge all your stuff afterwards.

I am managing snort systems in Sweden, East and West Coast USA and New Zealand. Try centralizing that without running the risk of DoSing your WAN links...

I have personally seen snort produce 300 alerts/sec due to one of these networks having extremely odd SNMP traffic triggering it. If I had central logging, I would have taken down our company's WAN... (100Mb/s monitored links don't go down T1 WAN links very well...)

Jason
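As an added illustration that is not part of the thread, the Python below models the WAN cost of the 300 alerts/sec burst Jason describes against a T1 link, and shows how a local spool with a capped forwarding rate bounds link use; the per-alert byte count, the cap and the burst profile are assumed values.

```python
# Added capacity-planning example (not from the thread or the Snort project).
# Compares direct sensor-to-central-MySQL logging with local spooling plus
# rate-capped forwarding, using assumed sizes.

T1_BPS = 1_544_000        # T1 line rate in bits per second
BYTES_PER_ALERT = 1500    # assumed: event/header rows + payload + MySQL protocol overhead


def wan_utilization(alerts_per_sec, bytes_per_alert=BYTES_PER_ALERT, link_bps=T1_BPS):
    """Fraction of the WAN link consumed by direct central logging.

    A value above 1.0 means the alert stream alone exceeds the link rate."""
    return alerts_per_sec * bytes_per_alert * 8 / link_bps


def max_safe_alert_rate(link_bps=T1_BPS, share=0.25, bytes_per_alert=BYTES_PER_ALERT):
    """Highest sustained alerts/sec that keeps logging within `share` of the link."""
    return int(link_bps * share / (bytes_per_alert * 8))


def spool_and_forward(arrivals_per_sec, cap_per_sec):
    """Simulate a sensor that writes alerts to a local spool and forwards at most
    cap_per_sec alerts per second to the central DB.

    Returns (forwarded_per_sec, peak_spool_depth). The forwarded list is
    extended past the burst until the spool is fully drained."""
    spool = 0
    peak = 0
    forwarded = []
    for arriving in arrivals_per_sec:
        spool += arriving
        peak = max(peak, spool)           # deepest backlog waiting on local disk
        send = min(spool, cap_per_sec)    # link use never exceeds the cap
        spool -= send
        forwarded.append(send)
    while spool:                          # drain the backlog after the burst
        send = min(spool, cap_per_sec)
        spool -= send
        forwarded.append(send)
    return forwarded, peak


if __name__ == "__main__":
    print(f"300 alerts/s direct to central DB: {wan_utilization(300):.2f} x T1 capacity")
    print(f"Max sustained rate at 25% of a T1: {max_safe_alert_rate()} alerts/s")
    burst = [300] * 5 + [5] * 10          # constructed: 5 s burst, then quiet
    fwd, peak = spool_and_forward(burst, cap_per_sec=30)
    print(f"Capped forwarding: peak {max(fwd)} alerts/s on the link, {peak} spooled at worst")
```

The spool depth is the real trade-off: a sustained burst above the cap must be sized against local disk, while the central DB only ever sees the capped rate.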





_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

