Snort mailing list archives
Re: Enterprise rollout - 50+ Distributed sensors with centralized managment / alerting / analysis
From: Seth Art <sethart () gmail com>
Date: Mon, 10 Jan 2005 14:06:11 -0500
> From what I've seen the most common solution is to have the sensors all log to a common DB, but I assume this solution is impractical over WAN connections with limited bandwidth. So how do I get around this?
I wouldn't say it's impractical at all. All of the traffic is NOT being sent to the central database. The analysis is being done on the remote sensor and ONLY THE ALERTS are being sent over the WAN/T1 connection on your mysql port. The alerts are tiny in comparison.

-Seth Art
Current thread:
- Enterprise rollout - 50+ Distributed sensors with centralized managment / alerting / analysis Shon (Jan 10)
- Re: Enterprise rollout - 50+ Distributed sensors with centralized managment / alerting / analysis Jason Haar (Jan 10)
- Re: Enterprise rollout - 50+ Distributed sensors with centralized managment / alerting / analysis Seth Art (Jan 10)