[Snort-sigs] Snort logs
Hugo van der Kooij
hvdkooij at ...481...
Tue Apr 22 22:37:02 EDT 2003
On 22 Apr 2003, Bryan Irvine wrote:
> Is there a way to get more info from the snort logs?
> It shows someone on one of our networks, downloading a potential virus from
> our mail server.
> But, since this firewall is running NAT, I don't know who.
> Will snort run on more than one interface so I could track and see where it went
> (for next time, I'm sure that info is lost this time)?
You could use multiple instances of snort. Designing an IDS system starts
off with a smart deployment of sensors. You may need multiple sensors to
get the right data for your network.
All email sent to me is bound to the rules described on my homepage.
hvdkooij at ...481... http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.