This is a discussion on [Snort-users] Multiple Sensors/Distributed Snort Config. within the Snort forums, part of the System Security and Security Related category.

Hello,

I have been a Snort user for quite some time now and I have a few questions regarding setting up a distributed Snort system. I'm planning to put multiple sensors on my enterprise network and have all of these feed to a central database server. From my research I understand the best way to do this is have each remote sensor send its Snort output using MySQL. Is this the best way of doing this? Are there any applications to help me with what I'm trying to do? What about the rules and making sure they're shared and up-to-date on all the sensors? Do I need to be running snort on the central database server if all it's doing is receiving sensor outputs and displaying reports using ACID or BASE?

Any insight on this I would greatly appreciate it.

Thank you,
Dan