Snort mailing list archives
Re: Quick poll: favorite snort config?
From: Shane Hickey <shane () howsyournetwork com>
Date: 14 Jan 2003 16:51:12 -0700
On Thu, 2003-01-09 at 14:13, Benjamin Feen wrote:
> Anyone want to share a quick summary of how their system's configured?
Personally, I use snort sending output to syslog and a MySQL server. I use swatch to watch syslog and e-mail me Priority: 1 alerts and Snort failing or restarting messages. I use Acid to wade through all my alerts each day. I mail the worst offenders to myself and have a procmail script parse all of the acid summaries out and put them into one file. Then I use the freeware script incident.pl to send incident reports to the appropriate (at least most of the time) contacts.

It works pretty good for me, but there might be a better way. I'd like to start running snort-inline (because the FreeBSD box that runs snort at my home is also my firewall). It seems like good documentation on snort-inline is just starting to pop up, but I haven't read far enough into it to decide if snort-inline is dependent on iptables.

Shane
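The syslog-watching step described in the message above, as an added Python example (not from the original post and not swatch itself): it picks out Priority 1 Snort alerts and Snort start/failure messages, and suppresses repeats of the same rule from the same source. The sample lines are constructed in the shape of Snort's syslog alert output, and the health-message wording and the name `select_for_mail` are assumptions.

```python
import re

# Constructed sample syslog lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    "Jan 14 16:40:01 fw snort[311]: [1:1002:5] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.10:4312 -> 198.51.100.5:80",
    "Jan 14 16:40:07 fw snort[311]: [1:469:1] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 192.0.2.10 -> 198.51.100.5",
    "Jan 14 16:41:30 fw sshd[402]: Accepted publickey for admin from 192.0.2.44 port 51515 ssh2",
    "Jan 14 16:42:12 fw snort[311]: FATAL ERROR: OpenPcap() device fxp0 open failed",
    "Jan 14 16:42:15 fw snort[977]: Snort initialization completed successfully",
    "Jan 14 16:43:02 fw snort[977]: [1:1243:8] WEB-IIS ISAPI .ida attempt [Classification: Web Application Attack] [Priority: 1]: {TCP} 203.0.113.9:1199 -> 198.51.100.5:80",
]

# Anchor on the snort program tag and parse the priority field, instead of
# matching the bare text "Priority: 1" anywhere in any daemon's log line.
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: (?P<cls>[^\]]+)\] )?\[Priority: (?P<prio>\d+)\]:? "
    r"\{(?P<proto>[^}]+)\} (?P<src>\S+) -> (?P<dst>\S+)"
)
# Assumed wording for "Snort failing or restarting" messages; adjust to your logs.
HEALTH_RE = re.compile(
    r"snort(?:\[\d+\])?: .*(FATAL ERROR|exiting|initialization)", re.I
)


def select_for_mail(lines):
    """Return (kind, summary) tuples worth mailing, in log order."""
    seen, out = set(), []
    for line in lines:
        m = ALERT_RE.search(line)
        if m:
            if int(m["prio"]) != 1:
                continue  # lower priorities are left for the daily review
            key = (m["sid"], m["src"].split(":")[0])  # rule + source host (IPv4)
            if key in seen:
                continue  # throttle: one mail per rule per source
            seen.add(key)
            out.append(("alert", f'{m["msg"]} {m["src"]} -> {m["dst"]}'))
        elif HEALTH_RE.search(line):
            out.append(("health", line.split(": ", 1)[1]))
    return out


if __name__ == "__main__":
    for kind, summary in select_for_mail(SAMPLE_LOG):
        print(f"{kind:6} {summary}")
```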