Snort mailing list archives

Security onion, Snort, plus subnets?


From: Corbin Fletcher <corbin () freeway com>
Date: Tue, 24 Apr 2012 08:30:19 -0700

Hello All--

We have made some good progress...we now have installed Security Onion 
in a virtual environment, on our data center, and we have configured 
Snort. We are using Squert, Snorby, and Sguil to monitor events as they 
occur.

Our sensor appears to only be monitoring traffic on our private network 
(subnet), 10.10.xx.xxx. This is also the subnet where our sensor lives. 
Our sensor's IP address is 10.10.xx.xxx

The next step is to configure our Snort sensor to monitor all traffic 
coming from our main switch (Cisco 2960G) e.g., monitor all traffic on 
our network.

We will need to configure Snort to watch the SPAN port on our switch.

Can anyone advise on how best to achieve this goal on the sensor side? 
Do we need to add a network in the Snort config file? I am lost at this 
point and any advice on Snort configuration is much appreciated.

Is there another way to best and easily achieve our goal to monitor all 
traffic on our network with Snort?

Another way to ask this question...how can I configure Snort to monitor 
all traffic throughout our small data center, which provides VoIP 
services, including private address (e.g., 10.10.xx.xxx)
and other subnets 66.113.xx.xxx?

At this point, Snort is monitoring on a small segment (subnet) on a 
large network; therefore, we are not receiving the full benefit of the 
data our Snort sensor is collecting.

Thanks in advance...any information will be helpful. ~Corbin
