Snort Setup Suggestions? *NEWBIE QUESTION*

["Charles Hamby" <fixer () gci net>]

I'm getting readying to helping the sysadmin from my college setup a
Snort sensor (Win32), and I'd like to get some input.

 

 

The network Snort's being installed on is non-firewalled (I know, I
know, I've been arguing with him about this for a year, but to no avail)
Win2k domain.  Neither of us know enough about Linux to know with a
Linux version, so I've decided on the win32 distro.  They're using an
entirely switched network, so since getting a tap would cost money
(which they don't have), we're looking at setting up the Snort sensor at
the network ingress point.  The only problem I have is that doing so
will require adding IIS in order to view the logs (can you say security
hole?) unless the sysadmin wants to walk down to the comm. Closet
several times a day to check the snort logs (doubtful).

 

Does anyone know of another way around this (as you can tell, I'm really
new to Snort).  Thanks!

 

 

-Charles