Re: Problems about snort in enterprise environment

[Erek Adams <erek () theadamsfamily net>]

On Thu, 7 Nov 2002, Andrea Iacopini wrote:

> I'm currently involved in a project which consist of Snort distribuited
> installation.
> Snort will monitor different subnets, my idea was to build a
> "complete-sensor" ( snort, mysql, acid, webmin ) for every module,
> anyway in this design
> administrative people need to monitor four different system.
> My thought was: is possible to create a single system Snort installation
> with different ethernet devices that watch on different subnet and log
> on the same DB ?
> Some suggestions ? Links ?

errr...  You could do that, but you'd be wasting a lot of time and effort,
IMHO.

My suggestion:  Don't waste time building a box with 'everything'.  Just
install snort on your sensors and nothing else.  Have all of your sensors
use Barnyard and log to a remote/central DB server and on the DB server
install ACID.  The 'leaner and meaner' you make your sensors the faster
they will be able to run and work.

Again, that's just my thoughts...  I'm not perfect nor sane.  ;-)

Hope that helps in some way!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm 
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users