Snort mailing list archives
RE: Clarification of understandings.
From: "LaRose, Dallas" <Dallas_LaRose () s2systems com>
Date: Fri, 9 Aug 2002 17:32:19 -0500
It sounds like you are trying to minimize hardware. Technically it can be done on the same box. A problem I was having was that when I'd query MySQL (via ACID), it would hit the processor so hard that snort would start dropping packets. My recommendation... log to another low end SQL box. Keep the snort sensor doing exactly that... sensing.

-----Original Message-----
From: twig les [mailto:twigles () yahoo com]
Sent: Friday, August 09, 2002 5:17 PM
To: Tim; Snort-list
Subject: Re: [Snort-users] Clarification of understandings.

You read this?
http://home.earthlink.net/~sjscott007/genericIDSlayout.jpg

--- Tim <twr () bellsouth net> wrote:
Please bear with me .... I am so very new to the software programs involved. I have downloaded and read the installation documentation for all the software packages involved but the installation topology eludes me. I have asked a similar question before on the list but I guess I didn't make the question very explicit.

I want to install the five primary packages (Apache, MySQL, Webmin, ACID and Snort) and the ACID dependencies (PHP, ADODB, PHPLOT). To my understanding, so far, one can install all the packages in one box to monitor an external, DMZ and internal interface via hubs placed at the points where snort can see all the packets going/coming from the particular interface. Is this right so far?

If not, I'm limited as to how many boxes (2) I can use in order to install all the packages.... so in this case, what combination of packages do I have to install on each one of the boxes in order to have this IDS topology working properly?

The documentation I have read is very well put together but it is missing this one key element. If there is documentation that one can point me (or that I missed somewhere) to that will give me some guidance towards this goal, it would be appreciated. Or, if someone has had a similar experience and has successfully deployed such a topology and can give me some pointers, this also would be extremely helpful.

Your input/insights will be gratefully appreciated.

Tim
--
Mia/Fla Student
=====
-----------------------------------------------------------
All warfare is based on deception.
-----------------------------------------------------------

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Clarification of understandings. Tim (Aug 09)
- Re: Clarification of understandings. twig les (Aug 09)
- <Possible follow-ups>
- RE: Clarification of understandings. LaRose, Dallas (Aug 09)