![snort logo](/images/snort-logo.png)
Snort mailing list archives
Combination of snort and argus (or ntop)
From: Chowalit Tinnagonsutibout <chowalit () nectec or th>
Date: Sat, 26 Oct 2002 02:15:05 +0700
Dear all. I just implement snort for my IDS system .. The sensor run on PIII 500MHz , 256 M, 20 GB Hard-disk , RedHat 7.2 and 10 M Ethernet. The propose of IDS is
protect DMZ server. I use it to monitor traffic from spanning port of switch(Cisco 2950). Normally, this PC is quite good for snort sensor. But snort is Signature-based NIDS, It does not prepare network traffic information from DMZ for me. So I think I should find other network trafficmonitoring tool, argus (http://www.qosient.com/argus) and ntop are cool stuff. Well, Some question in my mind was occured .... :-) ... Can I put argus(or ntop)
and snort into same (my sensor)PC ? Is it hard to implement? .. What is the problem of this model? One problem that I think... How the kernel seperate process of sniffing on each sensor(argus(or ntop) and snort)? Thank for Ur help Chongg_fi ------------------------------------------------------- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Combination of snort and argus (or ntop) Chowalit Tinnagonsutibout (Oct 26)