Snort mailing list archives

Re: Snort Setup Scenario - Suggestions


From: "Josh Berry" <josh.berry () netschematics com>
Date: Thu, 9 Oct 2003 15:49:05 -0500 (CDT)

1) It will affect performance but Snort should be able to handle it fine
(more than likely you would take a bigger performance hit running MySQL
and Snort on the same box, especially while running queries off the
MySQL).

2) You do not have to install MySQL server on the sensor, just the
development/client parts.

3) I am not completely sure but you could probably accomplish this with
some BPF filters, or you could create pass rules/BPF filters for the
addresses you don't want to alert on and then run TCPDump to just log
packets from those machines.

Hi,
We are setting up snort for our DMZ Traffic. Interface for sniffing will
have no IP Address and a second interface will be used for management
etc.
I want to log to my-sql database, which will be on a different machine.

1. Will it affect performance if I send the logs to my-sql running on a
different machine?
2. Do I still need to install my-sql on the Snort-Machine to compile it
with my-sql support, even though I won't be using it?
3. Is it possible to sniff and generate alerts (and log) for the whole
subnet but only log "traffic\packets" for some specific IP Addresses?

Regards \\ Naman


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





