
[Snort-users] Snort sensor IDs



08-19-2004
Mitchell, Jason
 
I'm left a bit confused over how Snort handles assigning sensor IDs and how
I might be able to control it. For example, I just changed how Snort runs,
and in doing so, a new sensor ID is created and dumps the data in there,
which makes querying MySQL from a front end annoying.

Anyone know how to keep Snort to just a single sensor ID regardless of any
changes I might make to the startup options? Or is there something inherent
that would make that a really bad idea?

On the same note, is it possible to dump data from multiple interfaces into
a single "sensor"? I don't really care which sensor picked up the data as I
can look at source/destination anyway.

-Jason
