Snort mailing list archives
Re: How to handle multiple snort sensors
From: Doug Burks <doug.burks () gmail com>
Date: Fri, 1 Aug 2014 11:07:22 -0400
Hi Robert,

Have you considered salt?
http://www.saltstack.com/

We use it in the Security Onion distro and it really helps when managing multiple sensors as you describe.

On Fri, Aug 1, 2014 at 10:53 AM, Robert Millott <robm () millottandassociates com> wrote:
All,

I am setting up about 35 snort sensors across our network, all feeding back into a SIEM (arcsight). I was curious, how does anyone else out there handle multiple sensors? I am looking for a way to quickly (and centrally) view snort.conf, threshold.conf, bpf filters, rules enabled or disabled etc. without having to ssh into each individual host. I know pulled pork will handle pulling rules, but I am looking around to see if anyone has a means of managing many sensors.

Thanx

--
Robert Millott
President, Millott and Associates
(443) 255-3588

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com
Current thread:
- How to handle multiple snort sensors Robert Millott (Aug 01)
- Re: How to handle multiple snort sensors Doug Burks (Aug 01)
- Re: How to handle multiple snort sensors Jaime Nebrera (Aug 01)
- Re: How to handle multiple snort sensors Shirkdog (Aug 01)
- Re: How to handle multiple snort sensors Jeremy Hoel (Aug 01)