Snort mailing list archives

RE: Multiple databases with snort


From: "Hutchinson, Andrew" <Andrew.Hutchinson () Vanderbilt edu>
Date: Thu, 13 Mar 2003 08:40:16 -0600

Yes, Snort will log to multiple DBs simultaneously. You just have to
set up multiple output directives in the snort.conf file.

Andrew Hutchinson - Network Security
Vanderbilt University Medical Center
(615) 936-2856 

        -----Original Message-----
        From: Counselman, Chris Contractor/Sverdrup [mailto:chris.counselman () us army mil]
        Sent: Wednesday, March 12, 2003 10:55 AM
        To: 'snort-users () lists sourceforge net'
        Subject: [Snort-users] Multiple databases with snort

        RH 8.0, ACID .9.6b22, snort 1.9.1, mysql

        I would like to set up snort to log to two databases at once. I
        would like to do this so I can have a real-time database that
        analysts can look at and delete alerts that have already been
        viewed, and an archive database. I have tried setting up ACID to
        archive but sometimes it will and sometimes it won't; I keep
        getting duplicate alerts ignored errors. This is so frequent the
        archive feature in ACID is practically unusable. Can you log to
        two databases at once from the same box without running multiple
        instances of snort? Is there any program out there that will
        archive better than ACID?

        Thanks, Chris
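
The setup described in the reply above, two `output database:` directives in one snort.conf, shown here as an added example that is not part of the original thread: a constructed config excerpt plus a small check that lists the active database outputs and flags two directives pointing at the same database. The database names, users, hosts and passwords are placeholders, and the helper function names are hypothetical.

```python
import re

# Constructed snort.conf excerpt. Database names, users and passwords are
# placeholders; the parameter syntax is Snort's database output plugin.
SAMPLE_CONF = """\
# output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snort_live password=CHANGE_ME_1 dbname=snort_live host=localhost
output database: log, mysql, user=snort_arch password=CHANGE_ME_2 dbname=snort_archive host=localhost
"""

DIRECTIVE = re.compile(r"^\s*output\s+database\s*:\s*(.+)$")


def database_outputs(conf_text):
    """Return one dict per active 'output database:' directive."""
    outputs = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):      # commented-out directive
            continue
        match = DIRECTIVE.match(line)
        if not match:
            continue
        fields = [f.strip() for f in match.group(1).split(",", 2)]
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: want '<facility>, <dbtype>, <params>'")
        facility, dbtype, params = fields
        opts = dict(p.split("=", 1) for p in params.split() if "=" in p)
        outputs.append({"line": lineno, "facility": facility, "dbtype": dbtype,
                        "host": opts.get("host"), "dbname": opts.get("dbname"),
                        "user": opts.get("user")})
    return outputs


def duplicate_targets(outputs):
    """Directives whose (dbtype, host, dbname) repeats an earlier directive."""
    seen, dups = set(), []
    for out in outputs:
        key = (out["dbtype"], out["host"], out["dbname"])
        if key in seen:
            dups.append(out)
        seen.add(key)
    return dups


if __name__ == "__main__":
    outs = database_outputs(SAMPLE_CONF)
    for out in outs:
        print(f"line {out['line']}: {out['dbtype']} {out['user']}@{out['host']}/{out['dbname']}")
    print("duplicate targets:", duplicate_targets(outs))
```
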

