[Snort-users] Basic questions about snort

Jason Lewis jlewis at ...1831...
Sat Apr 14 23:38:07 EDT 2001


Are the snort boxes logging to a DB?

What are you using to get all the logged info together?

Are all the snort boxes configured like standalone boxes and you monitor
each one individually?

What are you using to alert you to security breaches?

Are you using snort along with any other apps?

I would like to have all my boxes log to a single DB where I can run ACID
and maybe build a custom tool for viewing logs.

-----Original Message-----
From: agetchel at ...1525... [mailto:agetchel at ...1525...]
Sent: Saturday, April 14, 2001 11:26 PM
To: jlewis at ...1831...
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Basic questions about snort


> Has anyone deployed snort in an enterprise class network?  If so, where did
> you go to help you get things working?  I am looking to roll snort out and I
> don't want to reinvent the wheel.  If there isn't one, I will document my
> experience.

We're getting ready to roll out snort on our network, which is
'pretty big'. =)  Unfortunately, I have not yet documented anything that I
can release to the world without releasing 'too much' information about our
internal network.  However, I'm going to be writing a document explaining
our findings about Snort vs Other IDSs.  I'll send a message to the list
with a link to the doc when it's done.  In the meantime, do you have any
specific questions?

Thanks,
Abe

Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
Voice   502-564-2020x225
E-mail  agetchel at ...1525...
Web     http://www.kde.state.ky.us/




