[Snort-sigs] Doubts

ARUN LAL arunlal7701 at ...2420...
Thu Feb 11 09:46:54 EST 2016


install snort on a sensor?? sensor means a server or a paid tool??

On Wed, Feb 10, 2016 at 7:32 PM, <wkitty42 at ...3507...> wrote:

> On 02/10/2016 08:21 AM, ARUN LAL wrote:
> > Hi All,
> >
> > Sorry for the confusion. Let me just clarify myself.  I know how to install
> > Snort and Snorby on the same server and configure them to work together but
> > right now, I need to use Snorby on my server to fetch the alerts from 3
> > different remote servers that have Snort installed on each of them. I was hoping
> > if you could provide me a step by step instruction or direct me to a suitable
> > guide for the same.
>
> i cannot direct you to any guides or explain how to do it but the general idea
> is this...
>
>
> 1. install snort on a sensor in each network you need to monitor.
>
> 2. install a tool like barnyard2 on each sensor.
>
> 3. setup a central database somewhere for all sensors to report to.
>
> 4. configure each snort with a specific identifier to keep alerts separated by
> sensor in the central database. (see the -G and -logid command line parameters)
>
> 5. configure each tool like barnyard2 to gather the alerts and insert them into
> the central database.
>
> 6. use whatever tool you like (snorby??) to monitor the alerts in the central
> database.
>
>
> the basic gist is that each sensor pushes its alerts to the central database
> where all the monitoring is being done... effectively, once you install one
> snort/barnyard2 combination, you duplicate it to all other sensors giving each
> sensor an id number via the -G command line option... then each sensor's
> barnyard2 will push the sensor's alerts to the central database and you can use
> whatever tool you like to monitor the database...
>
> --
>   NOTE: No off-list assistance is given without prior approval.
>         *Please keep mailing list traffic on the list* unless
>         private contact is specifically requested and granted.
>
>
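An added example, not part of the original thread or of the Snort or barnyard2 projects: a shell sketch of the per-sensor settings for the layout in steps 1 to 6, with a check that no two sensors share an id or name. The sensor inventory, file paths, database host, schema, account and password are constructed placeholders, and snort.conf is assumed to already write unified2 output.

```shell
#!/bin/sh
# Added example: per-sensor settings for the layout described in the thread.
# Constructed inventory: sensor name, numeric id for snort -G, interface.
SENSORS='dmz-sensor 1 eth1
lan-sensor 2 eth0
lab-sensor 3 eth0'
DB_HOST='db.example.internal'   # placeholder central database host
DB_NAME='snort'                 # placeholder schema name
DB_USER='snort'                 # placeholder database account

# Print any id or name used by more than one sensor; non-zero exit if found.
# A shared id or name would mix two sensors' alerts in the central database.
check_unique() {
    printf '%s\n' "$1" | awk '
        seen_name[$1]++ { print "duplicate name: " $1; bad = 1 }
        seen_id[$2]++   { print "duplicate id: " $2;   bad = 1 }
        END { exit bad }'
}

# Snort command line for one sensor (assumed paths); -G tags its events
# with the sensor id so they stay distinguishable downstream.
snort_cmd() {   # args: id interface
    printf 'snort -c /etc/snort/snort.conf -i %s -G %s -l /var/log/snort -D\n' "$2" "$1"
}

# barnyard2.conf for one sensor: read unified2, insert into the central DB.
barnyard2_conf() {   # args: name interface
    cat <<EOF
config hostname: $1
config interface: $2
input unified2
output database: log, mysql, user=$DB_USER password=CHANGE_ME dbname=$DB_NAME host=$DB_HOST sensor_name=$1
EOF
}

# Validate the inventory, then emit the settings for every sensor.
render_all() {
    check_unique "$SENSORS" || return 1
    printf '%s\n' "$SENSORS" | while read -r name id iface; do
        printf '### %s\n' "$name"
        snort_cmd "$id" "$iface"
        barnyard2_conf "$name" "$iface"
    done
}

render_all
```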