Snort mailing list archives
adding additional sensor to ACID
From: "Ghercoias, Catalin" <CGhercoias () TWEC COM>
Date: Fri, 4 Apr 2003 10:45:05 -0500
Look at your snort.eth1.conf file. There should be a line like this below: output database: log, mysql, user=your_user password=your_password dbname=your_database host=your_host port=3306 sensor_name=Your_sensor_name detail=full Change the name of the sensor with something else. Once this is done and an alert will be triggered on the second snort box you should see that in ACID. You'll be having 2 sensors and alerts will go separately in database according to the sensor they originated from. Thank you, ___________________________ Catalin Ghercoias Web/Security System Administrator Office Phone: +(518) 452-1242 Ext.7435 Fax: (518) 452-4768 Mail: Catalin Ghercoias <mailto:cghercoias () twec com> website: http://www.fye.com <http://www.fye.com/> The content of this communication is classified as Transworld Entertainment Confidential and Proprietary Information.The content of this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this communication then delete it from your system. We appreciate your assistance in preserving the confidentiality of our correspondence. Thank you. Message: 9 From: John Hally <JHally () epnet com> To: snort-users () lists sourceforge net Cc: acidlab-users () lists sourceforge net Date: Fri, 4 Apr 2003 09:20:00 -0500 Subject: [Snort-users] adding additional sensor to ACID Hello, I added a second sensor to the network, but can't seem to find any docs explaining how you add a second sensor to ACID. I had thought it would just report automatically, but it doesn't seem to be logging to the DB. Anyone run into this? thanks in advance. ------------------------------------------------------- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- adding additional sensor to ACID John Hally (Apr 04)
- Re: adding additional sensor to ACID sunzi (Apr 04)
- <Possible follow-ups>
- RE: adding additional sensor to ACID Brei, Matt (Apr 04)
- RE: adding additional sensor to ACID John Hally (Apr 04)
- adding additional sensor to ACID Ghercoias, Catalin (Apr 04)
- RE: adding additional sensor to ACID SecurityAdmin (Apr 06)
- RE: adding additional sensor to ACID Wayne . Freeman (Apr 07)