Snort mailing list archives

Multiple sensors one database


From: "Atkins, Dwane P" <ATKINSD () uthscsa edu>
Date: Tue, 12 Apr 2011 21:03:19 +0000

Good afternoon,

We are running two snort devices and attempting to get them both to record to one mysql database.

Created database snort.  Assigned permissions to sensor1@10.10.10.10 and 
sensor2@10.10.10.11.  I installed Snort 2.9.0.5 schema so that databases would all look the 
same. Yes, I did have a single mysql database on each sensor but was told that in order to run a particular 
Application, I would need a single database.

We are using Snort 2.9.0.5 on Ubuntu 10.04.01 LTS.  We are using Barnyard2.  In the Barnyard2.conf file, we have an 
entry, "output database: log, mysql, user=snort password=snortpass dbname=snort host=10.10.12.1 sensor_name='sensor1'", 
and have an identical entry for the second sensor.

I have not made any configuration changes to the my.cnf.  It currently binds to 127.0.0.1 but should I have it bind to the 
Master?

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address            = 10.10.12.1

Is there anywhere else I need to check?  Do I need to shut down mysql on each sensor now?

Thank you

Dwane