I'm a big fan of IDS/IPS when logging output to a MySQL DB. I created a package (for v5 IIRC) to allow Snort to log to an external MySQL DB so I could use ACID/BASE to analyze alerts. It was slightly problematic in my HA environment. However, since there is already an MySQL DB onboard...
Would it be possible to create another DB in MySQL to store IDS/IPS alerts? It would then be as simple as opening the MySQL port to internal connections and using something like ACID or BASE to analyze alerts.
Has this been discussed or contemplated? I think that a proper IDS/IPS alert interface would be of great use.