Snort mailing list archives
Re: Limitations
From: Ian Macdonald <secsnort () dirk demon co uk>
Date: Wed, 7 Aug 2002 23:04:52 -0400 (EDT)
It is possible but it all depends on your traffic and the rules you have loaded. Run it then see if snort is dropping packets, you can do a control C and it will print stats. If you see packets being dropped I would split snort from the database to another machine. Ian On Wed, 7 Aug 2002, Tim wrote:
Hey ppl, A little help, please. I have some limitations in what and where I can make my installations on for Snort and utilities and in need of some expertise from those who have had similar problems. This is my set up: DSL coming into a Cisco 806 router which is connected to the first (eth0) of three interfaces on a Linux RH 7.3 box strictly running my firewall (iptables/net filter). The second (eth1) interface is for a DMZ which is populated with an Apache web server and a mail server. The third (eth2) interface is for my LAN with a couple of NT domain controllers, M$ SQL server, a couple of Citrix servers and a box running some of the services for the LAN. Obviously there are two switches that interconnect the subnets. I'm limited to how many boxes I can configure for an IDS system. It would seem like such a waste to run separate machines for the different programs in order to effectively run an IDS system. My question: Is it possible to install three (maybe four for management) interfaces on one box and install the Apache Web Server, MySQL, Webmin, ACID and Snort, in other words, have all the necessary installations in order to run snort and monitor the external, DMZ and internal interfaces on the firewall from one box? Is this possible? I'm very limited to how many boxes I can use in order to effectively monitor/learn what is going on with security on my network. I would like to hear from those who have effectively done so and hear the pros and cons to why this could or could not work. Thanks in advance for any insights. Sincerely, Tim -- Mia/Fla
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Limitations Tim (Aug 07)
- Re: Limitations Ian Macdonald (Aug 07)