help about snort
Results 1 to 5 of 5

Thread: help about snort

  1. #1
    Junior Member
    Join Date
    Apr 2002
    Posts
    2

    help about snort

    I have a question:
    my Snort sensors have 2 network card; I want to set the sensor for to controll the net that is connected on the netcard A and send the result to a database that is on the net of netcard B.
    There are people that know how I can to make this ??


    Thank's very much

    Blue_owl

    p.s. (excuse me fo my English but I'm not mother tongue )

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    When you fire off snort, use the flag -i to select the device name. You can also go into your snort.conf and search for the string 'database'. It will give you a few 'suggestions' for options, usually to a mysql database. You could then use something like stunnel to send the encrypted database entries to a central mysql server.

    Neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    Banned
    Join Date
    Apr 2002
    Posts
    149
    neb...well said.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    In addition, if you have not done so already, unbind the IP stack from the "sniffing" adaptor to prevent the box from being detected on your network. The only interface that should have an IP on an IDS box is the management interface.

  5. #5
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    I dont know what OS you are running, but if in linux(particularly red hat 7+) the document at the following link should be very helpful. Even if not running redhat, you can probably still get a lot of info from it.

    http://www.snort.org/docs/snort-rh7-mysql.pdf

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides