Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sensor logging at remote mysql db

From: "AJ Butcher, Information Systems and Computing" <Alex.Butcher () bristol ac uk>
Date: Wed, 10 Mar 2004 09:03:11 +0000
--On 09 March 2004 13:39 -0300 "Luis Claudio R. da Silveira" <lsilveira () tse gov br> wrote: 


Hi Michael,

after I've created an user snort at <ip sensor> at my remote mysql and
granted
all privileges to this user, I followed your advice setting output line in
snort.conf
properly. And all it's working fine now.
For bonus points, configure snort to use the unified logging/alerting output plugins and have barnyard or mudpit collect data from those files and send it to your MySQL database server independent of snort. This should improve the performance of snort by allowing it to focus on capturing packets and dumping their raw contents, rather than handing db interaction and decoding. 


Thanks for your help.
My best regards,
Luis Claudio


Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: