Snort mailing list archives

Re: Snort alerts to SNMP


From: "Rafeeq Rehman" <rr () argusnetsec com>
Date: Wed, 21 May 2003 22:15:03 -0400

Depends upon the environment. Usually the goal of monitoring the business
production systems is to keep an eye on things that are critical to routine
business operation (databases, routers etc.). As a matter of principle,
monitoring of security devices should be separate from monitoring of, for
example, an Oracle server. Other opinions are welcomed.

----- Original Message ----- 
From: "Roy S. Rapoport" <snort-users () ols inorganic org>
To: <snort-users () lists sourceforge net>
Sent: Wednesday, May 21, 2003 9:26 PM
Subject: Re: [Snort-users] Snort alerts to SNMP


On Wed, May 21, 2003 at 09:00:52PM -0400, Rafeeq Rehman wrote:
> I don't have experience with Nagios but it works very well with HP OpenView
> (I tested with Network Node Manager). Yes, you can do some trend analysis
> based upon traps/alerts. However, I don't recommend to merge Snort data with
> any production network monitoring system. False alarms do occur which may
> panic operators in production environment.

I'm not sure I understand -- if you're using Snort as an IDS (Intrusion
Detection System) shouldn't you be panicking, or at least responding
vigorously, in the case of an alarm?

-roy
