Snort mailing list archives
RE: Snort Setup Scenario - Suggestions
From: "Josh Berry" <josh.berry () netschematics com>
Date: Thu, 9 Oct 2003 19:26:25 -0500 (CDT)
No, you definitely do not have to have the MySQL Server portion installed on the sensor (the IDS where snort is installed). I manage 17 Snort sensors all tied into a two-server MySQL cluster.
3) I am not completely sure but you could probably accomplish this with some BPF filters, or you could create pass rules/BPF filters for the addresses you don't want to alert on and then run TCPDump to just log packets from those machines.
Actually it is the opposite that I want. To have (log) Alerts for All addresses but only Log Packets for some specific IP Addresses (e.g. Web Server etc). If I use a BPF filter to start Snort, that will result in not generating Alerts for the Whole subnet?
2) You do not have to install MySQL server on the sensor, just the development/client parts.
Please forgive my ignorance, but by Sensor do you mean some part of Snort? Because while I was building snort, the documentation says that in order to run "./configure --with-mysql", you do have to have my-sql server installed?
Regards
\\ Naman
-----Original Message-----
From: Josh Berry [mailto:josh.berry () linknet-solutions com]
Sent: Thursday, October 09, 2003 1:47 PM
To: Naman Latif
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort Setup Scenario - Suggestions
Thanks,
Josh Berry, CTO
LinkNet-Solutions
469-831-8543
josh.berry () linknet-solutions com
Current thread:
- Snort Setup Scenario - Suggestions Naman Latif (Oct 09)
- <Possible follow-ups>
- Re: Snort Setup Scenario - Suggestions Josh Berry (Oct 09)
- RE: Snort Setup Scenario - Suggestions Naman Latif (Oct 09)
- RE: Snort Setup Scenario - Suggestions Josh Berry (Oct 09)