Snort mailing list archives

RE: Any HOWTO for merging separate snort IDS's into central DB?

From: "Cloppert, Michael" <Michael.Cloppert () 53 com>
Date: Tue, 24 Dec 2002 11:41:53 -0500

I am managing snort systems in Sweden, East and West Coast 
USA and New 
Zealand. Try centralizing that without running the risk of 
DoSing your 
WAN links...


For me it's a matter of redundancy.  I keep data on the sensors in case some
piece of network hardware takes a dump between my sensor and my central
database.  Also, if for some reason disaster befell my backend database, I
could only restore from tape to the most recent backup (the night before,
presumably).  I could rebuild ALL data in this case by simply re-importing
the events.

Mike


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

RE: Any HOWTO for merging separate snort IDS's into central DB? Cloppert, Michael (Dec 20)
- <Possible follow-ups>
- RE: Any HOWTO for merging separate snort IDS's into central DB? Benjamin Hippler (Dec 21)
  - Re: Any HOWTO for merging separate snort IDS's into central DB? Jason Haar (Dec 21)
  - Re: Any HOWTO for merging separate snort IDS's into central DB? Andrea Barisani (Dec 21)
- RE: Any HOWTO for merging separate snort IDS's into central DB? Cloppert, Michael (Dec 24)