Snort mailing list archives
Re: ideal setup
From: Robert Cole <robert () support4linux com>
Date: Wed, 7 Aug 2002 22:58:19 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm a network engineer by trade and I'm doing this on my home network of computers as a learning point to really get familier with it. I'll probably try this in a couple of different configs. I just wanted to get an idea of the sorts of things I'm looking for and have some ideas rolling around in my head before I get in extremely deep to howto's and docs. If I don't have some idea of why and how in my head already my eyes glaze over reading docs for just the sake of learning. :) I have to have a point and reason to read em then I have DRIVE! :) Thanks everyone for your input. Very much appreciated. I'm sure I'll be back with some brutal questions in few days or after linuxworld. :) Robert On Wednesday 07 August 2002 02:28 pm, Keith Young wrote:
Robert Cole wrote:Ok lets go for a not so dream setup. How about snort running on the firewall machine and sending its logs to a syslog server. That a decent setup if the syslog server is heavily protected as well?Robert, I wouldn't run Snort on the firewall for two reasons: * Snort will put the interfaces into promiscuous mode * running extra services usually isn't a good idea What about running a Snort box outside and a Snort box inside which sends log data to the syslog server in the DMZ?
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9Ugh7OWbzte5wVEURAtz9AJ4y3CjdYrS81NSYuvlbgK8+cUMQkQCfZ7bT n+K5p/45HMKmDVDv/Xgn+yE= =QJ+i -----END PGP SIGNATURE----- ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ideal setup Robert Cole (Aug 07)
- Re: ideal setup quentyn (Aug 07)
- Re: ideal setup Robert Cole (Aug 07)
- Re: ideal setup Keith Young (Aug 07)
- Re: ideal setup Robert Cole (Aug 07)
- Re: ideal setup Robert Cole (Aug 07)
- Re: ideal setup quentyn (Aug 07)
- <Possible follow-ups>
- RE: ideal setup Kevin Brown (Aug 07)
- Re: ideal setup Keith Young (Aug 07)
- RE: ideal setup twig les (Aug 09)
- RE: ideal setup Kevin Brown (Aug 08)