As it has been the last years the sensor (snort) needed to write directly to the database. With today's release there's a way to output in unified format and let the server write the payload into the snort database.
Also, the framework needs to access the snort database in order to get even information, mainly:
- Security reports
- Event viewer
- Upgrades
Greetings,
Dominique
On 08.08.2007 at 02:25, Brian Lavender wrote:
> I am installing a sensor on one server and the database/framework on
> another server. I want snort to listen on the sensor server.
>
> sensor <----> framework / server
> snort (snort database needed here?)
> ssh
> (etc)
>
>
> Here is where I get confused. It seems that sensor communicates to the
> server through the agent. So, why in Configuration->Main do I need to
> enter information about the snort database? Does the framework need to
> talk to the mysql database for snort directly?
>
>
> brian
> --
> Brian Lavender
> http://www.brie.com/brian/
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Os-sim-support mailing list
> Os-sim-support lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/os-sim-support