Snort mailing list archives
Re: Dual home IDS? ACID and send email alerts on one, IDS on the other.
From: Jason Alexander <lists () itsecurity3 its uiowa edu>
Date: Sat, 23 Oct 2004 09:15:39 -0500 (CDT)
This is what everyone that I have ever known to use snort has done. If you have a low speed network you can get away with having all the processes (snort, http, PHP) on one box. But as you get to high speeds most people split the database, httpd, and the sensors into separate boxes. This way one process doesn't impact the other. Once you do that you have to have dual NICs in the sensor so they can talk to the database and snort at the same time.
Jason

On Fri, 22 Oct 2004, Marty Hauser wrote:
Greetings,

Thanks to the great work of the group behind and Patrick S. Harper <mailto:patrick () internetsecurityguru com>, his procedures are very good and I have Fedora Core 2 and snort 2.2.0 running perfectly. There is nothing wrong with the IDS system, this question is on an enhancement.

My manager configured the Cisco switch to mirror all traffic to one port. That's what we want, but I'm told that this port is IP-less and no traffic can flow into or out of the IDS system. The IDS system is connected to this port and working perfectly. The issue is the IDS system can't send emails or access the functional ACID website.

I thought of adding a second NIC and directing SNORT to monitor this NIC instead and connect the original NIC to the network on a normal port and regain email and ACID website support.

Have you guys any guidance/experience with resolving an issue like this? Any help would really be appreciated.

Thanks,
Marty Hauser
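As an added illustration of the dual-NIC sensor layout discussed in this thread (not code from either poster), the script below checks that the capture NIC on the mirror port is IP-less while the management NIC carries an address. The interface names (eth0 for management, eth1 for sniffing), a Linux host with iproute2, and the snort.conf path are assumptions, and the sample output is constructed.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a dual-homed sensor's NIC layout.
# Assumed names: eth0 = management NIC, eth1 = sniffing NIC on the mirror port.

# Count the IPv4/IPv6 addresses bound to an interface.
# Reads `ip -o addr show` output on stdin; $1 is the interface name.
count_addrs() {
    awk -v ifc="$1" \
        '$2 == ifc && ($3 == "inet" || $3 == "inet6") { n++ } END { print n + 0 }'
}

# check_sensor_nics MGMT SNIFF   (reads `ip -o addr show` output on stdin)
# Returns 0 only if SNIFF has no address at all and MGMT has at least one.
check_sensor_nics() {
    local mgmt="$1" sniff="$2" dump
    dump="$(cat)"
    if [ "$(printf '%s\n' "$dump" | count_addrs "$sniff")" -ne 0 ]; then
        echo "FAIL: $sniff carries an IP address; the capture port should stay IP-less"
        return 1
    fi
    if [ "$(printf '%s\n' "$dump" | count_addrs "$mgmt")" -eq 0 ]; then
        echo "FAIL: $mgmt has no address; ACID and mail alerts cannot reach the network"
        return 1
    fi
    echo "OK: $sniff is IP-less, $mgmt is addressed"
}

# Constructed sample output (documentation addresses, not taken from the thread).
# An interface with no address does not appear in `ip -o addr show` at all.
GOOD_LAYOUT='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0'
BAD_LAYOUT="$GOOD_LAYOUT
3: eth1    inet 192.0.2.11/24 brd 192.0.2.255 scope global eth1"

# On a live sensor (assumed commands and config path):
#   ip addr flush dev eth1 && ip link set eth1 up promisc on
#   ip -o addr show | check_sensor_nics eth0 eth1 \
#       && snort -i eth1 -c /etc/snort/snort.conf -D
```

The check treats an IPv6 link-local address on the capture NIC as a failure too, since that interface would then still answer on the monitored segment.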