Snort mailing list archives

RE: Multiple sensors ???


From: "Snort" <Snort () InterCept Net>
Date: Tue, 22 Mar 2005 09:58:03 -0500

The setup of your snort instance is very crucial; it will determine if
you will receive too many alerts or not enough (what you're experiencing
now). The setup of your snort install pretty much consists of whether it is
Windows or Linux, whether you are monitoring a single host or monitoring a
network through a span port or hub or tap, and the biggest of all is your
snort.conf configuration. Logging your snort alerts to a MySQL db on a
different server is not a factor for only getting a few alerts, unless
you have some serious internal network or host issues (which is
feasible). If you are monitoring a single host, meaning snort is
installed on your web server or SMTP server, it will only capture and
analyze traffic going to and from that server, with the rules you
specify to look for. The key elements in your snort.conf file are the
following:

 

External_net and home_net variables

Rule_path variable

Output variable - where you want it to log to and how

Rules - the rules at the bottom that you specify snort to analyze
traffic with

 

If you're getting some alerts logged, that means most of the above is
correct. The next question is, how do you have snort installed? And how
are you watching the traffic?

 

Thanks,

Michael Brown
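As an added illustration (not part of either message above), here is a Snort 2.x snort.conf fragment showing the four elements listed in the reply, with the narrow HOME_NET setting that makes a span-port sensor log almost nothing beside the corrected one; the network, host names, credentials and sensor name are constructed placeholders.

```conf
# Added example (Snort 2.x syntax), not from the mailing-list thread.
# Scenario: one sensor on a span port watching 192.168.1.0/24, logging
# to a MySQL server on another LAN host. All addresses, host names and
# credentials below are constructed placeholders.

# --- Weak setting: HOME_NET covers only the sensor itself ---------------
# Most rules are written as "$EXTERNAL_NET any -> $HOME_NET any", so with
# HOME_NET this narrow, traffic to every other host in the span feed is
# captured but never matches: packets are seen, very few alerts are logged.
# var HOME_NET 192.168.1.10/32
# var EXTERNAL_NET !$HOME_NET

# --- Corrected: HOME_NET covers the whole monitored segment --------------
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET
# Do not combine "var HOME_NET any" with "!$HOME_NET": the negation of
# "any" matches nothing, which silences those same rules.

# Rule location (relative to the directory snort is started from)
var RULE_PATH ../rules

# Output: keep a local alert file next to the database output so you can
# compare them. If the file fills up but the database does not, the gap is
# on the database path (network, credentials, schema), not in detection.
output alert_fast: /var/log/snort/alert
output database: alert, mysql, user=snort password=CHANGEME dbname=snort host=db.example.internal sensor_name=sensor-01
# sensor_name distinguishes this sensor's rows from a second sensor's
# once both log to the same database.

# Rules at the bottom: only the files included here are evaluated
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/web-cgi.rules
include $RULE_PATH/smtp.rules
include $RULE_PATH/scan.rules
```

Running `snort -T -c snort.conf` parses the file and reports variable and rule errors without starting capture, which is a quick way to confirm the sensor is using the configuration you think it is.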

  _____  

From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Salil D.
Posted At: Tuesday, March 22, 2005 7:00 AM
Posted To: Snort
Conversation: [Snort-users] Multiple sensors ???
Subject: [Snort-users] Multiple sensors ???
  

  
Hello,

I am trying to implement multiple sensors for snort NIDS.
Presently I have only one sensor configured.
Also,
my database is on a different machine on the LAN.
The packets are being sensed, but only a few of them are being logged to 
the database.

Any help will be appreciated.

Thanks,

Salil.




