Snort mailing list archives
Re: Doubts
From: wkitty42 () windstream net
Date: Wed, 10 Feb 2016 09:04:42 -0500
On 02/10/2016 04:33 AM, ARUN LAL wrote:
Hi All, We need to monitor the network of all the other servers(client servers) via snort. Could you please explain the possibilities of that?? we have installed one snort in one server, is there anyway to add other servers to it?? or we need to install snort to all servers?? I think everyone can understand my question!!
i just replied to this or a similar post in the snort-sigs list but i will repost it here... i cannot direct you to any guides or explain how to do it but the general idea is this... 1. install snort on a sensor in each network you need to monitor. 2. install a tool like barnyard2 on each sensor. 3. setup a central database somewhere for all sensors to report to. 4. configure each snort with a specific identifier to keep alerts separated by sensor in the central database. (see the -G and -logid command line parameters) 5. configure each tool like barnyard2 to gather the alerts and insert them into the central database. 6. use whatever tool you like (snorby??) to monitor the alerts in the central database. the basic gist is that each sensor pushes its alerts to the central database where all the monitoring is being done... effectively, once you install one snort/barnyard2 combination, you duplicate it to all other sensors giving each sensor an id number via the -G command line option... then each sensor's barnyard2 will push the sensor's alerts to the central database and you can use whatever tool you like to monitor the database... -- NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list* unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Doubts ARUN LAL (Feb 08)
- Re: Doubts wkitty42 (Feb 08)
- <Possible follow-ups>
- Doubts ARUN LAL (Feb 10)
- Re: Doubts wkitty42 (Feb 10)
- Message not available
- Re: [Snort-users] Doubts ARUN LAL (Feb 11)
- Re: [Snort-users] Doubts wkitty42 (Feb 16)
- Re: Doubts wkitty42 (Feb 10)
- Re: Doubts Al Lewis (allewi) (Feb 10)
- Re: Doubts wkitty42 (Feb 10)
- Re: Doubts ARUN LAL (Feb 11)
- Re: Doubts stefan (Feb 11)
- Re: Doubts wkitty42 (Feb 11)
- Re: Doubts ARUN LAL (Feb 11)