Snort mailing list archives
Re: Enterprise deployment
From: "Tony Scalzitti" <tony () scalzitti org>
Date: Thu, 31 Jan 2002 17:51:12 -0500
Yes, by logging to a central database (you could also use the win32 front end I wrote :) ). I am not sure if you could use the SSL mysql option if you are concerned about the data going across the wire. I used Stunnel - it allows you to set up to deamons and forward traffic between them. I have the snort sensor configured to send alerts to the localhost on a unused port, this in turn forwards via a SSL tunnel to the database server, and that deamon unwraps the "package" and send it to the localhost on the mysql port. There is also the option to run some of the perl scripts available to grap the alert file(s) every so often and merge them - then run snortsnarf to create reports. This is really only good if you only want to check the remote sensors once or twice a day -T http://security.scalzitti.org ----- Original Message ----- From: "Frank" <la () pasadena net> To: <snort-users () lists sourceforge net> Sent: Thursday, January 31, 2002 4:44 PM Subject: Re: [Snort-users] Enterprise deployment
Have snort log to a database. You can do this with a nice web interface in Demarc and ACID. On Thu, 31 Jan 2002, snortlst snortlst wrote:I run snort in our local office but we would like to try it for a
copuple of
other branches. Is it possible in some way to conifugre snort to monitor remte sensors, like here in Toronto I would have a central console or datatbase repository for the sensors running in Ottawa and Calgary?_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Enterprise deployment snortlst snortlst (Jan 31)
- Re: Enterprise deployment Frank (Jan 31)
- Re: Enterprise deployment Tony Scalzitti (Jan 31)
- Re: Enterprise deployment snortlst snortlst (Feb 01)
- Re: Enterprise deployment snortlst snortlst (Feb 01)
- Re: Enterprise deployment Saad Kadhi (Feb 04)
- Re: Enterprise deployment Tony Scalzitti (Jan 31)
- Re: Enterprise deployment Frank (Jan 31)