Snort mailing list archives
Re: Snort Setup Scenario - Suggestions
From: "Josh Berry" <josh.berry () netschematics com>
Date: Thu, 9 Oct 2003 15:49:05 -0500 (CDT)
1) It will affect performance but Snort should be able to handle it fine (more than likely you would take a bigger performance hit running MySQL and Snort on the same box, especially while running queries off the MySQL). 2) You do not have to install MySQL server on the sensor, just the development/client parts. 3) I am not completely sure but you could probably accomplish this with some BPF filters, or you could create pass rules/BPF filters for the addresses you don't want to alert on and then run TCPDump to just log packets from those machines.
Hi, We are setting up snort for our DMZ Traffic. Interface for sniffing will
have no IP Address and a second interface will be used for management etc.
I want to log to my-sql database, which will be on a different machine. 1. Will it effect performance if I send the logs to my-sql running on a
different machine ?
2. Do I still need to install my-sql on the Snort-Machine to compile it
with my-sql support, even though I won't be using it ?
3. Is it possible to sniff and generate alerts (and log) for the whole
subnet but Only log "traffic\packets" for some specific IP Addresses ?
Regards \\ Naman ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Setup Scenario - Suggestions Naman Latif (Oct 09)
- <Possible follow-ups>
- Re: Snort Setup Scenario - Suggestions Josh Berry (Oct 09)
- RE: Snort Setup Scenario - Suggestions Naman Latif (Oct 09)
- RE: Snort Setup Scenario - Suggestions Josh Berry (Oct 09)