Figure 5-3 Many Snort PCs logging data to a centralized MySQL database server.
The scheme you choose depends on your particular requirements. For example, if
you are running only one sensor and don't have any pre-existing database server, it is a
natural choice to install the database on the Snort machine itself. However, if you have
many Snort machines, it makes sense to set up a centralized database server as shown in
Figure 5-3.
If you are running a separate database server and are logging to it from remote
Snort machines, you can send the data without any protection or you can use some type of
encryption. A possible scheme using the Stunnel package is discussed at the end of this
chapter. Using Stunnel, you can encrypt all data between the Snort machine and the
database server. This arrangement also helps to pass data through firewalls, because with
Stunnel you can use ports that are already open in the firewall.
Before you start logging to a MySQL database, you have to create a database for Snort
on the database server. After creating the database, you have to create the tables where
Snort data is logged. The table schema used with the database is available from
http://www.incident.org/snortdb/ for your review. However, you don't need to create the
tables manually, because Snort comes with a script that will do the entire job for you. To
work with MySQL, you may have to recompile Snort with MySQL support, as will be
explained later in this chapter.
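The database and account setup the passage describes, as an added example that is not from the book: the statements are typed into the mysql client as an administrative user on the central server of Figure 5-3. The database name, the sensor subnet 10.0.1.0/24, the password and the schema-script path are assumptions; adjust them to your installation.

```sql
-- Added example (not from the book): preparing the centralized MySQL server
-- so that remote sensors log with a least-privilege account.
-- Assumptions: database name "snort", sensors on 10.0.1.0/24, and a
-- placeholder path for the table-creation script that ships with Snort.

-- 1. Create the database that will hold the Snort tables.
CREATE DATABASE snort;

-- 2. Populate it with Snort's schema. SOURCE is a mysql-client command;
--    the path is a placeholder for the script in your Snort distribution.
USE snort;
SOURCE /PATH/TO/SNORT_SCHEMA_SCRIPT;

-- 3. Create a dedicated account for the sensors, restricted by source
--    network so it cannot be used from arbitrary hosts. Never put the
--    administrative account's credentials in snort.conf.
CREATE USER 'snort'@'10.0.1.%' IDENTIFIED BY 'CHANGE_ME_sensor_password';

-- 4. Weak setting seen in many quick-start guides (shown only for contrast):
--    GRANT ALL PRIVILEGES ON snort.* TO 'snort'@'%';
--    A compromised sensor could then delete or rewrite the logged events.

-- 5. Corrected setting: the sensor inserts events and reads the lookup
--    tables to resolve ids, so INSERT and SELECT are what it needs
--    (check the README of your Snort version for any extra privilege
--    its database plugin requires).
GRANT INSERT, SELECT ON snort.* TO 'snort'@'10.0.1.%';

-- 6. Check: the effective grants should list only INSERT and SELECT on
--    snort.* for the sensor account.
SHOW GRANTS FOR 'snort'@'10.0.1.%';
```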