Snort mailing list archives
RE: Best Enterprise Snort Configuration
From: "McPheeters, Scott" <smcpheeters () fnms-indy com>
Date: Wed, 12 Feb 2003 11:18:28 -0500
I have 9 sensors running with 1 MySQL database (2.5gig quad Xeon). It runs real well unless we have some new traffic that the rules go nutz over. I.e., a network guy set up a new performance monitor on 4 zones that was causing SNMP alerts like crazy, and I had to get my rules updated to pass that traffic instead of alerting on it.

Scott

-----Original Message-----
From: tfandango [mailto:tfandango () yahoo com]
Sent: Wednesday, February 12, 2003 10:39 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Best Enterprise Snort Configuration

Good news, I have a go for a Snort R&D project to prove that Snort can handle the traffic that our current commercial $oftware does. So I have a few questions...

What is the best enterprise setup? I estimate that we will need about 60-70 sensors when it's all said and done. For an R&D project, I figure that I will start with about 2 sensors running Linux.

So what Snort-related tools do you guys like the best? I will probably try to use MySQL to start off with and log to a central database somewhere. But what tools are available to remotely manage the Snort application, display all the sensor alerts in near realtime on some central console (I assume this will be something that polls the database), etc., etc.

Just looking for some opinions in this area!

Thanks!
tfandango
Current thread:
- RE: Best Enterprise Snort Configuration McPheeters, Scott (Feb 12)
- <Possible follow-ups>
- RE: Best Enterprise Snort Configuration Hutchinson, Andrew (Feb 12)
- RE: Best Enterprise Snort Configuration Kreimendahl, Chad J (Feb 14)
- Re: Best Enterprise Snort Configuration Bennett Todd (Feb 14)