Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Anyone using "Enterprise implementation"?

From: Michael Miller <michael.miller () state co us>
Date: Wed, 27 Aug 2003 09:19:29 -0600
 You're not limited to a single box in watching GigE traffic. You may find
it easier to a) turn off email and http traffic signatures as, presumably,
your mail and webservers have detailed logs, and b) set two (or more) sensor
boxes to look for specific parts of the ruleset. 



-----Original Message-----
From: Emre Bastuz [mailto:info () emre de] 
Sent: Wednesday, August 27, 2003 9:00 AM

Using two machines in a sensor/manager way is part of an evaluation to
decide if commercial products are worth the money or if Snort is an
alternative. My major concern was hardware performance when sniffing on an
GigE network, that´s why I added all kinds of signatures to the snort
process in the first place.


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: