Snort mailing list archives

what's the best setup?


From: c white <cwhite () theatomicmoose ca>
Date: Mon, 17 Jun 2002 10:42:45 -0400

What is the best setup for this network?

I work for a large educational institution. All of our servers are on a switch, and I am not permitted, by policy, to place a sniffer between the switch and our router. All of the servers are on the same subnet, a mix of Unix, Linux, WinNT and Win2k.

I was thinking about installing a "master" Snort box, which would sniff on its own port and use MySQL to store the data, and ACID to present it through a web interface, and then install Snort "sensors" on the other servers and report the data to the "master" server. The only problem with this is that some of the Win servers are SMP and WinPcap doesn't like SMP. Is there another way to sniff out these servers without installing a "sensor" locally (did I miss something in the manual), or am I just S-O-L?

Suggestions, comments and ideas will be greatly appreciated.

