Snort mailing list archives

Re: Doubts


From: ARUN LAL <arunlal7701 () gmail com>
Date: Thu, 11 Feb 2016 20:16:54 +0530

install snort on a sensor?? sensor means a server or a paid tool??

On Wed, Feb 10, 2016 at 7:32 PM, <wkitty42 () windstream net> wrote:

> On 02/10/2016 08:21 AM, ARUN LAL wrote:
>> Hi All,
>>
>> Sorry for the confusion. Let me just clarify myself. I know how to install
>> Snort and Snorby on the same server and configure them to work together but
>> right now, I need to use Snorby on my server to fetch the alerts from 3
>> different remote servers that have Snort installed on each of them. I was
>> hoping you could provide me a step by step instruction or direct me to a
>> suitable guide for the same.
>
> i cannot direct you to any guides or explain how to do it but the general
> idea is this...
>
> 1. install snort on a sensor in each network you need to monitor.
>
> 2. install a tool like barnyard2 on each sensor.
>
> 3. set up a central database somewhere for all sensors to report to.
>
> 4. configure each snort with a specific identifier to keep alerts separated
>    by sensor in the central database. (see the -G and -logid command line
>    parameters)
>
> 5. configure each tool like barnyard2 to gather the alerts and insert them
>    into the central database.
>
> 6. use whatever tool you like (snorby??) to monitor the alerts in the
>    central database.
>
> the basic gist is that each sensor pushes its alerts to the central database
> where all the monitoring is being done... effectively, once you install one
> snort/barnyard2 combination, you duplicate it to all other sensors giving
> each sensor an id number via the -G command line option... then each sensor's
> barnyard2 will push the sensor's alerts to the central database and you can
> use whatever tool you like to monitor the database...
>
> --
>   NOTE: No off-list assistance is given without prior approval.
>         *Please keep mailing list traffic on the list* unless
>         private contact is specifically requested and granted.


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
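
The per-sensor settings from steps 4 and 5 of the quoted reply, as an added example that is not part of the original thread: it prints a Snort launch line and a barnyard2.conf for each sensor, and refuses an inventory in which two sensors share a log id or hostname. The host names, interfaces, paths, the per-sensor database account and the `CHANGE_ME` password are constructed placeholders.

```shell
#!/bin/sh
# Added example; every host name, path and credential is a constructed placeholder.
DB_HOST="db.example.internal"   # assumption: the central database server (step 3)
DB_NAME="snort"                 # assumption: the schema the monitoring tool reads

# Constructed inventory, one sensor per line: "<-G log id> <hostname> <interface>"
SENSORS="0x01 sensor-a eth0
0x02 sensor-b eth0
0x03 sensor-c eth1"

# Succeeds only if no two sensors share a log id or a hostname.
check_unique() {
  dup_ids=$(printf '%s\n' "$1" | awk '{print $1}' | sort | uniq -d)
  dup_hosts=$(printf '%s\n' "$1" | awk '{print $2}' | sort | uniq -d)
  [ -z "$dup_ids" ] && [ -z "$dup_hosts" ]
}

# Step 4: Snort launch line with the sensor's own -G identifier.
# snort.conf is assumed to contain: output unified2: filename snort.u2, limit 128
snort_cmd() {   # args: <log id> <interface>
  printf 'snort -D -c /etc/snort/snort.conf -i %s -G %s -l /var/log/snort\n' "$2" "$1"
}

# Step 5: barnyard2.conf that reads unified2 and inserts into the central database.
# Assumption: one database account per sensor, named after the sensor.
barnyard2_conf() {   # args: <hostname> <interface>
  cat <<EOF
config hostname: $1
config interface: $2
config waldo_file: /var/log/snort/barnyard2.waldo
input unified2
output database: log, mysql, user=$1 password=CHANGE_ME dbname=$DB_NAME host=$DB_HOST
EOF
}

# Print both artefacts for every sensor, refusing an inventory with duplicates.
render_all() {
  check_unique "$1" || { echo "duplicate log id or hostname" >&2; return 1; }
  printf '%s\n' "$1" | while read -r id host iface; do
    echo "### $host"
    snort_cmd "$id" "$iface"
    barnyard2_conf "$host" "$iface"
  done
}

render_all "$SENSORS"
```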
