| Search Site |
| Search Rules |
| Account |
| not registered? |
| can't login? |
| user preferences |
 |
 |
|
|||||||||||||||||||
Next: 5.4 How can I Up: 5 Getting Fancy Previous: 5.2 How do I
5.3 How do I log to multiple databases or output plugins?
Feed the unified output files through Barnyard twice to separate databases, or...
You can build redundancy by using multiple output plugins. Here are some examples.
Multiple instantiations of the database plugin:
output log_database: mysql, dbname=snort host=localhost user=xyz
output log_database: mysql, dbname=snort host=remote.loghost.com user=xyz
Remote database and local tcpdump:
output log_database: mysql, dbname=snort host=remote.loghost.com user=xyz
output log_tcpdump: /var/log/snort.tcpdump
Then you can replay the tcpdump file through snort to recreate the database.
CAVEAT: Just playing back the log packets might not trigger some of the state dependent pre-processors.
| Terms of Use | Privacy Policy | forum archives | site feedback ©2009 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved. |