Hi, > works fine except that I want the communication between Snort (on > firewall) and Mysql Server (currently my desktop for testing) to be > encrypted. In the past I had done this on OpenBSD using Stunnel with > mysql 3.xx.xx. I'm trying to get it all going with ssl enabled mysql > client and server.
Not supported by snort. To get encrypted DB logging use stunnel, ssh or IPSec. Apart from that it's a bad idea. SQL logging from the snort process will create overhead that will slow down the detection engine to the point that it might miss packets. Adding SSL to that would increase the overhead even more. Look at barnyard for SQL logging from snort, and use any transport encryption method you prefer. ciao, chakl
