Snort mailing list archives
Re: Any HOWTO for merging separate snort IDS's into central DB?
From: Andrea Barisani <lcars () infis univ trieste it>
Date: Sat, 21 Dec 2002 10:47:31 +0100
From: Jason Haar [mailto:Jason.Haar () trimble co nz]
Sent: Tuesday, December 17, 2002 6:55 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Any HOWTO for merging separate snort IDS's into central DB?

For network protection we're running snort on separate boxes with local MySQL databases. However, once a month (say) I'd like to pull those SQL logs together into a "meta-DB" so that we can look at the IDS network as a whole.

Obviously snort on these standalone systems is re-using the same id numbers for different things, so I was wondering if anyone had written a script that could allow such separate databases to be pulled together as a consistent offering. All our snort systems run the same release and same schema, so their data is internally consistent.
Hi, you can take a look at my Multiple Snort Sensor HOWTO,

http://www.infis.univ.trieste.it/~lcars/ids

It's not exactly what you are asking but maybe it can be helpful.

Bye

------------------------------------------------------------
INFIS Network Administrator & Security Officer
Department of Physics - University of Trieste
lcars () infis univ trieste it - PGP Key 0x8E21FE82
------------------------------------------------------------
"How would you know I'm mad?" said Alice.
"You must be,' said the Cat, 'or you wouldn't have come here."
------------------------------------------------------------