Snort mailing list archives

Re: Have Snort on our master log server


From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 27 Dec 2005 11:33:27 -0500

Jacob Friis Saxberg wrote:
> Since all of our servers are logging to one server, shouldn't we just
> have Snort on that server, instead of on all of them?

Erm, what does the logging have to do with any of this?

Snort doesn't parse logfiles, it monitors network traffic. Pick your sensor
locations based on what network traffic you want to monitor.

