Snort mailing list archives

Re: snort & acid how-to


From: Arvind Clemente <arvind () controlnet co in>
Date: Thu, 22 Nov 2001 10:40:34 +0530

Hi Brent
    I have prepared a how-to in PDF format explaining configuration of
snort +ACID +mysql on REDHAT 6.2. The procedure for installing on FBSD
will be the same.

Regarding placement of your snort box, place it on the outside,
otherwise you will not know the originating IP addresses. But make sure
the box is totally secured. I have explained how to secure the box in the
same PDF. In my setup I have placed one sensor outside the firewall
and one on the DMZ zone, and they report alerts to a central console. The
external sensor is physically placed on the switch whose port is a
spanning port of the router.

For any clarifications you can get in touch with me.

Thanks and Rgds

Arvind Clemente


Brent wrote:

I installed snort 1.7 on my FBSD machine... seems to be running
... however ... in the snort.conf ... I had it (for the moment) log to
syslog... question 1 is ... how do I OR is there a good "how-to" on
getting snort to work with mysql ... and acid?
Question 2 is ... I have it running on the INSIDE interface (the box
is doing NAT) should I be running it on the inside or outside
interface?? Any and all help is GREATLY appreciated.
:-) thanx Brent

Attachment: snort_imp_guide.pdf