https://community.splunk.com/t5/Installation/Firegen-for-Snort-splunk/m-p/451896#M8671 <P>Yes, DB Connect does not have to be installed on the same server as the database - in fact it is very much recommended against.</P> <P>Best practice is to install a dedicated DBX heavy forwarder, which is separate from both the Splunk indexers and your DB servers.</P> <P>You will need to configure a connection for DBX to connect to the remote server, but this is just the same as any other multi tier application<BR /> <A href="https://docs.splunk.com/Documentation/DBX/3.1.4/DeployDBX/HowSplunkDBConnectworks">https://docs.splunk.com/Documentation/DBX/3.1.4/DeployDBX/HowSplunkDBConnectworks</A></P> Thu, 21 Mar 2019 11:49:46 GMT nickhills 2019-03-21T11:49:46Z https://community.splunk.com/t5/Installation/Firegen-for-Snort-splunk/m-p/451895#M8670 <P>anybody knows how to install &amp; configure Firegen for Snort splunk?<BR /> in this case, I have 2 different servers, where Snort is separate from Splunk Server.</P> <P><STRONG><EM>scenario</EM></STRONG></P> <BLOCKQUOTE> <P>Snort Dedicated server: 192.168.1.89<BR /> Splunk Server: 192.168.1.113</P> </BLOCKQUOTE> <P>in readme.txt file, developers said.. he has a case where Splunk &amp; Snort is on the same server, it's because he used Splunk DB Connect App to get log data from snort DB (MySQL).</P> <P>So, what I want to ask, can I use a method that is almost the same but different server?</P> <P>Please.. help me, every help would be appreciated</P> <HR /> <P><IMG src="https://splunkbase.splunk.com/app/4118/" alt="Splunk Apps: Firegen for Snort" /><BR /> <A href="https://splunkbase.splunk.com/app/4118/">https://splunkbase.splunk.com/app/4118/</A></P> <P><span class="lia-inline-image-display-wrapper" image-alt="alt text"><img src="https://community.splunk.com/t5/image/serverpage/image-id/6746iC5E813FCD1270F05/image-size/large?v=v2&amp;px=999" role="button" title="alt text" alt="alt text" /></span></P> Thu, 21 Mar 2019 11:40:00 GMT https://community.splunk.com/t5/Installation/Firegen-for-Snort-splunk/m-p/451895#M8670 gibranduatiga 2019-03-21T11:40:00Z https://community.splunk.com/t5/Installation/Firegen-for-Snort-splunk/m-p/451896#M8671 <P>Yes, DB Connect does not have to be installed on the same server as the database - in fact it is very much recommended against.</P> <P>Best practice is to install a dedicated DBX heavy forwarder, which is separate from both the Splunk indexers and your DB servers.</P> <P>You will need to configure a connection for DBX to connect to the remote server, but this is just the same as any other multi tier application<BR /> <A href="https://docs.splunk.com/Documentation/DBX/3.1.4/DeployDBX/HowSplunkDBConnectworks">https://docs.splunk.com/Documentation/DBX/3.1.4/DeployDBX/HowSplunkDBConnectworks</A></P> Thu, 21 Mar 2019 11:49:46 GMT https://community.splunk.com/t5/Installation/Firegen-for-Snort-splunk/m-p/451896#M8671 nickhills 2019-03-21T11:49:46Z https://community.splunk.com/t5/Installation/Firegen-for-Snort-splunk/m-p/451897#M8672 <P>so.. you mean, I need 3 servers?</P> <OL> <LI>Splunk Server</LI> <LI>MySQL Server</LI> <LI>DBX Heavy Forwarder</LI> </OL> <P>bye the way, to be honest.. poor me, I don't know how to start.. i am stucked. can you teach me step by step?</P> Thu, 21 Mar 2019 12:22:39 GMT https://community.splunk.com/t5/Installation/Firegen-for-Snort-splunk/m-p/451897#M8672 gibranduatiga 2019-03-21T12:22:39Z https://community.splunk.com/t5/Installation/Firegen-for-Snort-splunk/m-p/451898#M8673 <P>I assume you already have a MySQL server - perhaps installed on your Snort Server?</P> <P>'Ideally' you would install DBX on its own dedicated heavy forwarder.<BR /> This Forwarder sends its data to the Splunk Indexer.</P> <P>So yes, that is 3 systems in total, but i assume that the Snort server and Splunk server already exist?</P> Thu, 21 Mar 2019 12:29:04 GMT https://community.splunk.com/t5/Installation/Firegen-for-Snort-splunk/m-p/451898#M8673 nickhills 2019-03-21T12:29:04Z https://community.splunk.com/t5/Installation/Firegen-for-Snort-splunk/m-p/451899#M8674 <P>Yes, I did it before..<BR /> installing MySQL server in my Snort Server is done, and Splunk server is already exist..<BR /> so.. now? what i should i do? creating the dedicated heavy forwarder server to install DBX on it? and then.. ?</P> <P>teach me my master..</P> Thu, 21 Mar 2019 12:35:51 GMT https://community.splunk.com/t5/Installation/Firegen-for-Snort-splunk/m-p/451899#M8674 gibranduatiga 2019-03-21T12:35:51Z