Snort mailing list archives

RE: Clarification of understandings.


From: "LaRose, Dallas" <Dallas_LaRose () s2systems com>
Date: Fri, 9 Aug 2002 17:32:19 -0500

It sounds like you are trying to minimize hardware.  Technically it can be
done on the same box.  A problem I was having was that when I'd query MySQL
(via ACID), it would hit the processor so hard that snort would start
dropping packets.

My recommendation... log to another low end SQL box.  Keep the snort sensor
doing exactly that... sensing.


-----Original Message-----
From: twig les [mailto:twigles () yahoo com] 
Sent: Friday, August 09, 2002 5:17 PM
To: Tim; Snort-list
Subject: Re: [Snort-users] Clarification of understandings.


You read this?

http://home.earthlink.net/~sjscott007/genericIDSlayout.jpg


--- Tim <twr () bellsouth net> wrote:
Please bear with me .... I am so very new to the
software programs involved. I have downloaded and
read the installation documentation for all the
software packages involved but the installation
topology eludes me. I have asked a similar question
before on the list but I guess I didn't make the
question very explicit. I want to install the five
primary packages, (Apache, MySQL, Webmin, ACID and
Snort), and the ACID dependencies, (PHP, ADODB,
PHPlot).

To my understanding, so far, one can install all the
packages in one box to monitor an external, DMZ and
internal interface via hubs placed at the points
where snort can see all the packets going/coming
from the particular interface. Is this right so far?
If not, I'm limited as to how many boxes (2) I can
use in order to install all the packages....so in
this case, what combination of packages do I have to
install on each one of the boxes in order to have
this IDS topology working properly. The
documentation I have read is very well put together
but it is missing this one key element.

If there is documentation that one can point me to (or
that I missed somewhere) that will give me some
guidance towards this goal, it would be appreciated.
Or, if someone has had a similar experience and has successfully 
deployed such a topology and can give me some pointers this also would 
be extremely helpful.

Your input/insights will be gratefully appreciated.


Tim -- Mia/Fla
Student



=====
-----------------------------------------------------------
All warfare is based on deception.
-----------------------------------------------------------



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

