Snort mailing list archives

Re: Quick poll: favorite snort config?


From: Shane Hickey <shane () howsyournetwork com>
Date: 14 Jan 2003 16:51:12 -0700

On Thu, 2003-01-09 at 14:13, Benjamin Feen wrote:
> Anyone want to share a quick summary of how their system's configured?

Personally, I use snort sending output to syslog and a MySQL server.  I
use swatch to watch syslog and e-mail me Priority: 1 alerts and Snort
failing or restarting messages.  I use ACID to wade through all my
alerts each day.  I mail the worst offenders to myself and have a
procmail script parse all of the ACID summaries out and put them into
one file.  Then I use the freeware script incident.pl to send incident
reports to the appropriate (at least most of the time) contacts.

It works pretty well for me, but there might be a better way.  I'd like
to start running snort-inline (because the FreeBSD box that runs snort
at my home is also my firewall).  It seems like good documentation on
snort-inline is just starting to pop up, but I haven't read far enough
into it to decide if snort-inline is dependent on iptables.

Shane
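The swatch stage of the setup described above (watch syslog, page on Priority: 1 alerts and on Snort start/stop messages, leave the rest for the daily ACID pass) as a small standalone script. This is an added example, not code from the post or from the Snort, swatch or ACID projects. It assumes the classic alert_syslog line shape `[gid:sid:rev] MSG [Classification: X] [Priority: N] {PROTO} SRC -> DST`, and the daemon start/stop wording it matches is an assumption to tune against your own logs; the sample syslog excerpt is constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Shape of a Snort alert as written by the alert_syslog output plugin, reconstructed from memory
# for this example (assumption; compare with the lines your own Snort build emits):
#   snort[PID]: [gid:sid:rev] MESSAGE [Classification: X] [Priority: N] {PROTO} SRC[:PORT] -> DST[:PORT]
ALERT_RE = re.compile(
    r"snort\[\d+\]: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>[A-Za-z0-9]+)\} (?P<src>\S+) -> (?P<dst>\S+)"
)

# Lifecycle messages from the snort process itself (the "Snort failing or restarting" case).
# The wording is an assumption; adjust the alternation to what your syslog actually shows.
DAEMON_RE = re.compile(
    r"snort\[\d+\]: (?!\[\d+:\d+:\d+\]).*(exiting|received signal|Initializ|restart)",
    re.IGNORECASE,
)


@dataclass
class Alert:
    sid: str
    msg: str
    classification: str
    priority: int
    proto: str
    src_ip: str
    dst_ip: str


def _split_host(endpoint: str) -> str:
    """Drop the ':port' suffix TCP/UDP alerts carry; ICMP alerts have none."""
    ip, sep, port = endpoint.rpartition(":")
    return ip if sep and port.isdigit() else endpoint


def parse_alert(line: str) -> Optional[Alert]:
    """Parse one syslog line into an Alert, or None if it is not a Snort alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return Alert(
        sid=m["sid"], msg=m["msg"], classification=m["cls"] or "",
        priority=int(m["prio"]), proto=m["proto"],
        src_ip=_split_host(m["src"]), dst_ip=_split_host(m["dst"]),
    )


def is_daemon_event(line: str) -> bool:
    return DAEMON_RE.search(line) is not None


def triage(syslog_text: str, page_priority: int = 1) -> Dict[str, list]:
    """Split a syslog excerpt into: alerts to mail right away (priority <= page_priority),
    Snort start/stop messages to mail right away, alerts left for the daily review,
    and lines that have nothing to do with Snort."""
    result: Dict[str, list] = {"page": [], "daemon": [], "review": [], "unrelated": []}
    for line in syslog_text.splitlines():
        alert = parse_alert(line)
        if alert is not None:
            bucket = "page" if alert.priority <= page_priority else "review"
            result[bucket].append(alert)
        elif is_daemon_event(line):
            result["daemon"].append(line)
        else:
            result["unrelated"].append(line)
    return result


def collapse(alerts: List[Alert]) -> Dict[Tuple[str, str], int]:
    """One notice per (sid, source IP) with a hit count, so a repeating signature
    does not turn into one mail per packet (the role of swatch's throttle)."""
    return dict(Counter((a.sid, a.src_ip) for a in alerts))


def format_notices(triaged: Dict[str, list]) -> List[str]:
    """Render the lines that would go into the notification mail."""
    notices = []
    for (sid, src), n in sorted(collapse(triaged["page"]).items()):
        msg = next(a.msg for a in triaged["page"] if a.sid == sid and a.src_ip == src)
        notices.append(f"PRIORITY-1 {n}x sid {sid} '{msg}' from {src}")
    for event in triaged["daemon"]:
        notices.append(f"SNORT-STATE {event}")
    return notices


# Constructed sample excerpt: local-range sids, documentation IP ranges, invented daemon messages.
SAMPLE_SYSLOG = """\
Jan 14 16:51:12 fw snort[4242]: [1:1000001:1] LOCAL web cmd.exe request [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:3127 -> 198.51.100.5:80
Jan 14 16:51:13 fw snort[4242]: [1:1000002:1] LOCAL ICMP sweep [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.11 -> 198.51.100.5
Jan 14 16:51:15 fw snort[4242]: [1:1000001:1] LOCAL web cmd.exe request [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:3128 -> 198.51.100.5:80
Jan 14 16:52:00 fw snort[4242]: Snort received signal 15, exiting
Jan 14 16:52:05 fw sshd[111]: Accepted publickey for shane from 198.51.100.20 port 50000
Jan 14 16:52:07 fw snort[4300]: Initializing Network Interface xl0
"""

if __name__ == "__main__":
    for notice in format_notices(triage(SAMPLE_SYSLOG)):
        print(notice)
```

Run it as-is to see the three notices the sample produces (one collapsed priority-1 entry and two daemon-state lines); to use it against a live box, feed it lines from the syslog file Snort writes to instead of `SAMPLE_SYSLOG` and replace the `print` with whatever delivers mail on your system. The parse step is what makes the rest easy to reason about: once a line is an `Alert`, paging thresholds, throttling and the daily-review split are one-line decisions rather than more regexes.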




