Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort and topology

From: Emmanuel Lesouef <e.lesouef () crbn fr>
Date: Wed, 8 Apr 2009 14:16:51 +0200
Each site are geographically distinct, one is very near ther primary
one, so it's wireless connected (~40Mbps), and the other one is
connected through an SDSL (100MBps).

Each of them are routed through the primary one as it is the only one
that has a internet connection.

My goal is to have a part of the work done on site 1 and 2 and the
results aggregated in sort of a "management console" on the primary
site (this "management console" would also be the Snort NIDS for the
primary site.

Dunno if I'm clear enough :)

Thanks for your answer.

Le Wed, 8 Apr 2009 08:11:06 -0400,
Joel Esler <eslerj () gmail com> a écrit :


So you have two sites, how are they connected to each other?
Does all internet traffic go through one site, or both sites?

Joel

On Wed, Apr 8, 2009 at 5:42 AM, Emmanuel Lesouef <e.lesouef () crbn fr>
wrote:

Hi,

I'm currently planning to deploy snort (which I already did on one
server) but I would like to build sort of a network of nids.

I'm explaining. We use several vlans and geographically different
site. I don't know exactly how to make my snort network be the best
as I could considering this topology :

Site1 <-> Primary Site <-> Site 2

I was thinking about having snort on each site but the primary one
be considered as the "monitoring" one, as if it was aggregating data
collected and analysed on distant sites.

Can someone give some advice about this sort of deployment ? Is it
possible to configure a network of nids ?

Thanks for all the infos you can give.

--
Emmanuel Lesouef




-- 
Emmanuel Lesouef

------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: