Snort mailing list archives
Re: Rebuilding the wheel
From: Tony Robinson <deusexmachina667 () gmail com>
Date: Thu, 27 Dec 2012 18:27:31 -0500
I feel so loved for having Autosnort mentioned :-). Autosnort still has a bit of work before it can do what you ask, but the next project milestone is to have Autosnort present a syslog-only option for deployments like this, so Snort can easily integrate into a SIEM solution and just give you alerts.

Other alternatives for you would be to utilize a configuration management solution for Linux like Puppet, Chef or Spacewalk. Build out a single sensor and use that as a deployment template for your other sensors.

Hope this helps.

On Dec 21, 2012 2:55 PM, "Y M" <snort () outlook com> wrote:

Besides Security Onion, you may want to take a look at Autosnort for automating the build of a Snort box:
Blog: http://autosnort.blogspot.com/
Scripts: http://snort.org/docs

From: mike () millertwinracing com
Date: Wed, 19 Dec 2012 10:06:25 -0700
To: snort-users () lists sourceforge net
Subject: [Snort-users] Rebuilding the wheel

I have a specific set of implementation requirements and have been away from Snort long enough that I figured I'd ask before rebuilding the wheel (as fun as that initially sounds).

Six or so years ago, we had a 14 IDS infrastructure that bubbled its results up to a QRadar box. The sensors were originally Gentoo boxes and worked well, but required a pretty serious investment in Gentoo to keep them running. They were also ONLY Snort boxes. Sure, you could hop on them and run a tcpdump, but they were one-trick ponies... also importantly: they were on the outside interface, meaning they didn't see NATted traffic.

I've used AlienVault and Security Onion, and they are both more, and less, than I want. I'm having issues with dropped packets on one of the first boxes, and it seems to be kernel related (fiber Intel e1000 card on a HUGE DL585, 8 core, 32 GB RAM, 1 gig feed). I'm still digging into compiling PF_RING support on a 2.8 kernel. AlienVault seemed to be doing too much, I don't need the bells and whistles, and Security Onion seems hell-bent to record every single packet, which is great in an analyst box, but it's hell to tune.

What I'm looking for is automation to roll out and manage a box that does IDS stuff and receives syslog feeds to give visibility... from 22+ locations.
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
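The syslog-only deployment Tony describes moves the work of turning alerts into something a SIEM can index onto the collector. The following is an added example and not code from this thread, from Autosnort or from Snort itself: a Python parser for the one-line-per-alert format that Snort 2's alert_syslog output plugin emits. It assumes each sensor has `output alert_syslog: LOG_LOCAL5 LOG_ALERT` in snort.conf, that the collector sees the usual syslog header (timestamp and sensor hostname) in front of the `snort[pid]:` tag, and IPv4 addresses only; the hostnames, rule SIDs, addresses and the stray sshd line in the sample feed are constructed for illustration.

```python
"""Parse Snort 2 alert_syslog lines into structured records for SIEM ingestion.

Added example; assumes sensors run with
    output alert_syslog: LOG_LOCAL5 LOG_ALERT
in snort.conf. Rules without a classtype omit the [Classification: ...]
field, ICMP alerts carry no ports, and only IPv4 addresses are handled.
"""
import re
from dataclasses import dataclass, asdict
from typing import Iterable, List, Optional

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Syslog header, then the alert body as written by Snort's alert_syslog plugin.
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) snort\[(?P<pid>\d+)\]: "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] "
    r"(?P<msg>.*?) "
    r"(?:\[Classification: (?P<classification>[^\]]+)\] )?"
    r"\[Priority: (?P<priority>\d+)\] "
    r"\{(?P<proto>[A-Z0-9]+)\} "
    rf"(?P<src>{IPV4})(?::(?P<sport>\d+))? -> "
    rf"(?P<dst>{IPV4})(?::(?P<dport>\d+))?$"
)


@dataclass
class SnortAlert:
    timestamp: str
    sensor: str          # syslog hostname; identifies the site in a multi-location rollout
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int        # Snort priority: 1 is the most severe
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]

    @property
    def rule_id(self) -> str:
        return f"{self.gid}:{self.sid}:{self.rev}"

    def as_record(self) -> dict:
        """Flat dict suitable for JSON/CEF-style forwarding to a SIEM."""
        rec = asdict(self)
        rec["rule_id"] = self.rule_id
        return rec


def parse_alert(line: str) -> Optional[SnortAlert]:
    """Return a SnortAlert for a Snort syslog line, or None for any other line."""
    m = ALERT_RE.match(line.rstrip())
    if not m:
        return None
    g = m.groupdict()
    return SnortAlert(
        timestamp=g["ts"], sensor=g["host"],
        gid=int(g["gid"]), sid=int(g["sid"]), rev=int(g["rev"]),
        msg=g["msg"], classification=g["classification"],
        priority=int(g["priority"]), proto=g["proto"],
        src=g["src"], sport=int(g["sport"]) if g["sport"] else None,
        dst=g["dst"], dport=int(g["dport"]) if g["dport"] else None,
    )


def parse_feed(lines: Iterable[str], max_priority: int = 2) -> List[SnortAlert]:
    """Keep alerts at or above max_priority; silently drop non-Snort syslog
    traffic sharing the collector and low-priority noise before it reaches the SIEM."""
    out = []
    for line in lines:
        alert = parse_alert(line)
        if alert is not None and alert.priority <= max_priority:
            out.append(alert)
    return out


# Constructed sample feed: two sensors plus an unrelated sshd line.
SAMPLE_SYSLOG = """\
Dec 27 18:27:31 sensor-lon snort[1234]: [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:80 -> 192.168.10.20:51234
Dec 27 18:27:32 sensor-lon snort[1234]: [1:408:5] ICMP Echo Reply [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.10.20 -> 203.0.113.5
Dec 27 18:27:33 sensor-nyc sshd[991]: Accepted publickey for admin from 192.168.10.9 port 50022 ssh2
Dec 27 18:27:34 sensor-nyc snort[2048]: [1:1000001:1] LOCAL test rule without classtype [Priority: 1] {UDP} 192.168.20.7:53412 -> 198.51.100.9:53
"""

if __name__ == "__main__":
    for a in parse_feed(SAMPLE_SYSLOG.splitlines()):
        print(a.as_record())
```

The priority cut-off is where the "just give you alerts" trade-off lives: with 22+ sites feeding one collector, forwarding every priority-3 event recreates the noise problem Mike describes with Security Onion, whereas filtering at the collector keeps the sensors themselves dumb and identical, which is what makes a single-sensor template viable.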
Current thread:
- Rebuilding the wheel Mike Miller (Dec 21)
- Re: Rebuilding the wheel Doug Burks (Dec 21)
- Re: Rebuilding the wheel Y M (Dec 21)
- Re: Rebuilding the wheel Tony Robinson (Dec 27)
- Re: Rebuilding the wheel Mike Miller (Dec 27)
- Re: Rebuilding the wheel Tony Robinson (Dec 27)