Snort mailing list archives

Noob


From: Brian Stamper <BStamper () spencerhospital org>
Date: Wed, 22 Dec 2004 12:04:34 -0600

Well I'm new to snort but so far I have the following:
Snort logging to a mysql database w/ Apache2+PHP running acid.  Also have
the Webmin snort module up and running.

Here is my problem.  Currently out of the box snort is running on a network
of roughly 300+ machines.  IT'S UGLY!!  I am getting info everywhere.  Like
40 or 50+ alerts a minute.  Things from public SNMP stuff to dropped ICMP
packets.  Does anyone have any pointers on where to start to get this to be
useful rather than overwhelming?  I've researched some of it and it seems
that the print server we have polls the printers w/ this SNMP public
broadcast every time something gets printed.  I'm at a loss in hope that my
network isn't really this messed up!!  Are there any docs that explain what
is/isn't needed for rules and what to setup from scratch?  All of this and
I'm still on a switched network...no monitoring port or nothing.  All I see
is what comes and goes from this machine and the network broadcasts
basically.  Currently running snort 2.2.0 on Gentoo Linux.
Thanks,
Brian
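A starting point for the triage the post asks about, as an added example that is not part of this thread: parse a handful of Snort 2.x `alert_fast` lines, count alerts per (signature, source) so a single loud source like the SNMP-polling print server rises to the top, and emit Snort `threshold.conf` `suppress` / `threshold` lines for the worst offenders. The log lines, SIDs and addresses below are constructed sample values, not data from the post; the `suppress gen_id ..., sig_id ..., track by_src, ip ...` and `threshold ... type limit ...` syntax is Snort 2.x's threshold.conf syntax.

```python
"""Rank noisy Snort alerts by (signature, source) and draft threshold.conf lines.

Added example for the thread above, not code from the list post.
The alert lines, SIDs and IPs below are constructed samples.
"""
import re
from collections import Counter

# Snort 2.x alert_fast layout (one alert per line), e.g.
#   12/22-12:01:02.000001  [**] [1:1413:4] SNMP public access udp [**] \
#   [Classification: ...] [Priority: 2] {UDP} 10.10.0.20:1030 -> 10.10.0.51:161
# Ports are absent for ICMP, so both port groups are optional.
ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):\d+\] (?P<msg>.*?) \[\*\*\]"
    r".*?\{(?P<proto>\w+)\} "
    r"(?P<src>\S+?)(?::(?P<sport>\d+))? -> (?P<dst>\S+?)(?::(?P<dport>\d+))?$"
)

# Constructed sample log: a print server (10.10.0.20) polling four printers
# with the public community string, a router replying with ICMP unreachables,
# one workstation doing the same SNMP query, and one unparseable junk line.
SAMPLE_ALERTS = """\
12/22-12:01:02.000001  [**] [1:1413:4] SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.10.0.20:1030 -> 10.10.0.51:161
12/22-12:01:02.000340  [**] [1:1413:4] SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.10.0.20:1030 -> 10.10.0.52:161
12/22-12:01:03.100001  [**] [1:485:3] ICMP Destination Unreachable Communication Administratively Prohibited [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.10.0.1 -> 10.10.0.20
12/22-12:01:05.000001  [**] [1:1413:4] SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.10.0.20:1031 -> 10.10.0.53:161
12/22-12:01:05.000220  [**] [1:1413:4] SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.10.0.20:1031 -> 10.10.0.54:161
12/22-12:01:06.100001  [**] [1:485:3] ICMP Destination Unreachable Communication Administratively Prohibited [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.10.0.1 -> 10.10.0.20
this line is not an alert and must be skipped by the parser
12/22-12:02:10.000001  [**] [1:1413:4] SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.10.0.77:2049 -> 10.10.0.51:161
"""


def parse_alerts(text):
    """Return one dict per parseable alert line; non-matching lines are dropped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["gid"] = int(d["gid"])
        d["sid"] = int(d["sid"])
        alerts.append(d)
    return alerts


def count_by_sig_and_src(alerts):
    """Counter keyed by (gid, sid, msg, src): the pair you tune, not just the sid."""
    return Counter((a["gid"], a["sid"], a["msg"], a["src"]) for a in alerts)


def suppress_directives(alerts, min_count):
    """threshold.conf 'suppress' lines for every (signature, source) pair that
    fired at least min_count times. A suppress is per-source on purpose: the
    print server's polling goes quiet, but the same query from a workstation
    (10.10.0.77 in the sample) still alerts."""
    counts = count_by_sig_and_src(alerts)
    out = []
    for (gid, sid, _msg, src), n in counts.most_common():
        if n < min_count:
            break
        out.append(f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {src}")
    return out


def limit_directive(gid, sid, seconds=60):
    """Rate-limit instead of silence: at most one alert per source per window.
    Useful for chatty-but-worth-knowing events such as ICMP unreachables."""
    return (f"threshold gen_id {gid}, sig_id {sid}, type limit, "
            f"track by_src, count 1, seconds {seconds}")


def report(alerts, top=5):
    """Human-readable top-N so you can decide what to suppress, limit, or fix."""
    lines = []
    for (gid, sid, msg, src), n in count_by_sig_and_src(alerts).most_common(top):
        lines.append(f"{n:5d}  [{gid}:{sid}] {msg}  from {src}")
    return lines


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERTS)
    print("\n".join(report(parsed)))
    print("\n# draft threshold.conf entries")
    print("\n".join(suppress_directives(parsed, min_count=3)))
    print(limit_directive(1, 485))
```

Run it against a real `alert` file instead of `SAMPLE_ALERTS` and the top of the report is your tuning list: a known-benign source hammering one signature gets a per-source `suppress`, chatty events you still want to see get a `type limit` threshold, and anything you cannot explain is the thing worth investigating before you tune it away. In Snort 2.x the drafted lines go in `threshold.conf`, which `snort.conf` has to `include` for them to take effect.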


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net