[Snort-sigs] Snort logs

Hugo van der Kooij hvdkooij at ...481...
Tue Apr 22 22:37:02 EDT 2003


On 22 Apr 2003, Bryan Irvine wrote:

> Is there a way to get more info from the snort logs?

....

> It shows someone on one of our networks, downloading a potential virus from 
> our mail server.
> 
> But, since this firewall is running NAT, I don't know who.  
> Will snort run on more than one interface so I could track and see where it went 
> (for next time, I'm sure that info is lost this time)?

You could use multiple instances of snort. Designing an IDS system starts 
off with a smart deployment of sensors. You may need multiple sensors to 
get the right data for your network.

Hugo.

-- 
 All email sent to me is bound to the rules described on my homepage.
    hvdkooij at ...481...		http://hvdkooij.xs4all.nl/
	    Don't meddle in the affairs of sysadmins,
	    for they are subtle and quick to anger.
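
Added example, not part of the original thread: with one Snort instance on each side of the NAT firewall, alerts from the two sensors can be paired to recover the internal host behind a translated address. It assumes Snort's "fast" alert format and a server address that is not translated; the log lines, addresses, SID and year are constructed, and the names parse and correlate are hypothetical.

```python
import re
from datetime import datetime, timedelta

YEAR = "2003"  # assumption: fast alerts carry no year, so one is supplied
# Snort "fast" alert line: timestamp, [gid:sid:rev], message, {proto}, src -> dst
FAST = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample alerts (documentation and private address ranges).
ALERT = " [**] [1:1000001:1] constructed sample alert [**] [Priority: 3] {TCP} 192.0.2.25:110 -> "
OUTSIDE = [  # sensor on the translated side: destination is the firewall
    "04/22-14:03:11.102331 " + ALERT + "198.51.100.1:40122",
]
INSIDE = [   # sensor on the internal side: destination is the real client
    "04/22-14:03:11.102907 " + ALERT + "192.168.1.57:1042",
    "04/22-14:09:40.000123 " + ALERT + "192.168.1.80:1101",
]

def parse(lines):
    """Yield one dict per parseable alert line; skip anything else."""
    for line in lines:
        m = FAST.match(line)
        if m:
            alert = m.groupdict()
            alert["ts"] = datetime.strptime(
                YEAR + "/" + alert["ts"], "%Y/%m/%d-%H:%M:%S.%f")
            yield alert

def correlate(outside, inside, window=timedelta(seconds=2)):
    """Pair alerts with the same SID and untranslated source seen by both
    sensors within `window`; return (translated dst, real dst, sid)."""
    inside_alerts = list(parse(inside))
    pairs = []
    for o in parse(outside):
        for i in inside_alerts:
            if (o["sid"] == i["sid"] and o["src"] == i["src"]
                    and abs(o["ts"] - i["ts"]) <= window):
                pairs.append((o["dst"], i["dst"], o["sid"]))
    return pairs

if __name__ == "__main__":
    for translated, real, sid in correlate(OUTSIDE, INSIDE):
        print(f"sid {sid}: {translated} on the outside is {real} on the inside")
```

The sensors' clocks must be synchronised for the time window to mean anything; on a busy link, widen the match key with the client port if the firewall preserves it.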




