Re: Enterprise deployment

[Saad Kadhi <bsdguy () docisland org>]

On Thu, 2002-01-31 at 22:44, Frank wrote:
> Have snort log to a database.
IMHO, It's better to de-couple snort from the database logging since the
db will be "Internet miles" away. This is done by using the unified
output format of snort which will log in binary format (fast/efficient).
Then use barnyard to read the file & send the logs to the remote db. If
you wanna wrap this under an encrypted connection, you have many
options: stunnel, vpn/isakmpd, ssh tunneling, ...etc.

Regards. 
> You can do this with a nice web interface in Demarc and ACID.
>
>
> On Thu, 31 Jan 2002, snortlst snortlst wrote:
>
> > I run snort in our local office but we would like to try it for a copuple of
> > other branches. Is it possible in some way to conifugre snort to monitor
> > remte sensors, like here in Toronto I would have a central console or
> > datatbase repository for the sensors running in Ottawa and Calgary?
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 
/Saad Kadhi --  [skadhi () ib-group com] 
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desesperate degauss your screen. it might solve your pb as well
-- 
/Saad --  [bsdguy () docisland org] 
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desesperate degauss your screen. it might solve your pb as well


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users