Snort mailing list archives

snort-mysql, logging on TWO sql servers


From: Michel Christophe <tofm2 () yahoo fr>
Date: Sat, 29 Nov 2003 18:48:12 +0100

Hello

I run snort on two separate networks linked over VPN. Snort logging to
each sql server taken separately works fine, and so does the VPN.

For security reasons, I would like to mirror the logging of one snort
sensor to both sql servers.

Versions are as follows:

[cm@msi cm]$ rpm -qa | grep snort
snort-mysql-2.0.1-3mdk
snort-2.0.1-3mdk

[cm@msi cm]$ rpm -qa | grep SQL
MySQL-common-4.0.15-1mdk
MySQL-client-4.0.15-1mdk
MySQL-4.0.15-1mdk

On the first machine (let us call it MACHINE-A) I have the following
snort database logging config:

output database: log, mysql, user=XXXXX password=YYYYY dbname=snort host=localhost encoding=hex detail=full

(this machine hosts both snort AND mysql server)

And I would like this machine to sql-log ALSO on the second sql server
(let us call it MACHINE-B). MACHINE-B is located over the VPN, but I
think the VPN in itself is not a problem.

Before I run into big headaches, I would like to ask this list first
whether such dual logging is possible?

Then, if this is possible (which I hope), could you enlighten me on how
I should fiddle with snort's config file:

Should I add a second snort-database logging config line such as the
following:

output database: log, mysql, user=XXXXX password=YYYYY dbname=snort host=MACHINE-B encoding=hex detail=full

or sum'thin' like this:

output database: log, mysql, user=XXXXX password=YYYYY dbname=snort host=localhost, MACHINE-B encoding=hex detail=full

Thanks for light

-- 
Michel Christophe <tofm2 () yahoo fr>

Attachment: signature.asc
Description: This is a digitally signed message part
