Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SnortCenter and existing init s

From: "larc" <larc () pandora be>
Date: Fri 31 Jan 2003 18:21:38 +0100
Hi,

It's best that you don't change snortcenter but change your init script.
Change your script to something like this.

cmd_line=`cat "/etc/snort/snort_cmd_line.eth0"`
snort -D -i eth0 $cmd_line

if you start snort like this with your init script you still have the same snort settings and you will also be able to 
encrypt the Mysql traffic.
When you you use the management console to stop or restart snort, the ssh tunnel will still be active.

Hope this helps,
Stefan

------------------------
 "McGuire, Dennis" <dmcguire () brierley com> wrote:
------------------------
All, I have an existing distributed IDS infrastructure (snort

1.8.7/ACID/MySQL) that I am now trying to manage using SnortCenter.  I have
existing customized init scripts on the sensors that I want to have
SnortCenter use - this is because I forward port 3306 over ssh for traffic
back to the centralized snort db, and the up/down of the tunnel is done
within the init script for snort.

It seems that SnortCenter doesn't use the init scripts on the sensor, at
least from observation and reading sensor.php and index.cgi.  Has anyone
customized SnortCenter to use existing init scripts, or am I on my own?

Thanks,
Dennis






SnortCenter and existing init scripts on sensors



All, I have an existing distributed IDS 
infrastructure (snort 1.8.7/ACID/MySQL) that I am now trying to manage 
using SnortCenter. I have existing customized init scripts on the 
sensors that I want to have SnortCenter use - this is because I forward 
port 3306 over ssh for traffic back to the centralized snort db, and 
the up/down of the tunnel is done within the init script for 
snort.

It seems that SnortCenter doesn't use the init 
scripts on the sensor, at least from observation and reading sensor.php 
and index.cgi. Has anyone customized SnortCenter to use existing 
init scripts, or am I on my own?

Thanks,
Dennis





-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: