Snort mailing list archives

Re: Doubts


From: wkitty42 () windstream net
Date: Wed, 10 Feb 2016 09:04:42 -0500

On 02/10/2016 04:33 AM, ARUN LAL wrote:
> Hi All,
>
> We need to monitor the network of all the other servers (client servers) via snort.
>
> Could you please explain the possibilities of that?? We have installed one snort
> in one server, is there any way to add other servers to it?? Or do we need to
> install snort on all servers??
>
> I think everyone can understand my question!!

i just replied to this or a similar post in the snort-sigs list but i will 
repost it here...


i cannot direct you to any guides or explain how to do it but the general idea 
is this...


1. install snort on a sensor in each network you need to monitor.

2. install a tool like barnyard2 on each sensor.

3. set up a central database somewhere for all sensors to report to.

4. configure each snort with a specific identifier to keep alerts separated by 
sensor in the central database. (see the -G and -logid command line parameters)

5. configure each tool like barnyard2 to gather the alerts and insert them into 
the central database.

6. use whatever tool you like (snorby??) to monitor the alerts in the central 
database.


the basic gist is that each sensor pushes its alerts to the central database 
where all the monitoring is being done... effectively, once you install one 
snort/barnyard2 combination, you duplicate it to all other sensors giving each 
sensor an id number via the -G command line option... then each sensor's 
barnyard2 will push the sensor's alerts to the central database and you can use 
whatever tool you like to monitor the database...



-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.
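
An added example, not part of the original post and not code from the Snort or barnyard2 projects, sketching steps 2 to 5 above: it prints a Snort command line with a distinct -G identifier and a barnyard2.conf pointing at the central database for each sensor. The database host, account name, paths, interface names and sensor inventory are constructed placeholders, and a Snort 2.x install with unified2 output and a MySQL central database is assumed.

```shell
#!/bin/sh
# Added example: per-sensor settings for the central-database layout above.
# Hostnames, paths, account names and the sensor inventory are constructed.
DB_HOST="db.example.internal"
DB_NAME="snort"
DB_USER="snort_sensor"
LOG_DIR="/var/log/snort"

# Turn a decimal sensor number into the hex log identifier given to snort -G.
# Rejects empty or non-numeric input so a typo cannot produce a bogus id.
sensor_logid() {
    case "$1" in
        ''|*[!0-9]*) echo "bad sensor number: $1" >&2; return 1 ;;
    esac
    printf '0x%x\n' "$1"
}

# Snort command line for one sensor ($1 = number, $2 = interface).
# snort.conf is assumed to contain: output unified2: filename snort.u2, limit 128
snort_cmd() {
    id=$(sensor_logid "$1") || return 1
    printf 'snort -c /etc/snort/snort.conf -i %s -l %s -G %s -D\n' "$2" "$LOG_DIR" "$id"
}

# barnyard2.conf for one sensor ($1 = sensor name, $2 = interface).
# Keep the file readable only by the barnyard2 account: it holds the DB password.
barnyard2_conf() {
    cat <<EOF
config hostname: $1
config interface: $2
config waldo_file: $LOG_DIR/barnyard2.waldo
input unified2
output database: log, mysql, user=$DB_USER password=CHANGE_ME dbname=$DB_NAME host=$DB_HOST
EOF
}

# Constructed inventory, one entry per monitored network: number:name:interface
for s in 1:lan-sensor:eth0 2:dmz-sensor:eth1; do
    num=${s%%:*}; rest=${s#*:}; name=${rest%%:*}; ifc=${rest#*:}
    echo "== $name =="
    snort_cmd "$num" "$ifc"
    echo "barnyard2 -c /etc/snort/barnyard2.conf -d $LOG_DIR -f snort.u2 -D"
    barnyard2_conf "$name" "$ifc"
done
```

barnyard2 records each sensor in the database under the hostname and interface from its own config, so those values need to be unique per sensor alongside the -G identifier.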
