[Snort-users] Basic questions about snort

Jason Lewis jlewis at ...1831...
Mon Apr 16 11:38:24 EDT 2001


Up to 100Mb.

I am looking to deploy multiple sensors, maybe 10.  A sensor for each
physical network.

jas

-----Original Message-----
From: Rich Smith [mailto:Rich.Smith at ...1809...]
Sent: Monday, April 16, 2001 11:32 AM
To: 'jlewis at ...1831...'
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Basic questions about snort


What kind of bandwidth are you working with? Is it greater than 100Mb?

This makes a huge difference in you network architecture since your not
going to be able to get >200 Mb out of a single sensor.

-rs

> -----Original Message-----
> From: Jason Lewis [mailto:jlewis at ...1831...]
> Sent: Saturday, April 14, 2001 11:38 PM
> To: agetchel at ...1525...
> Cc: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Basic questions about snort
>
>
> Are the snort boxes logging to a DB?
>
> What are you using to get all the logged info together?
>
> Are all the snort boxes configured like stand alone boxes and
> you monitor
> each one individually?
>
> What are you using to alert you to security breaches?
>
> Are you using snort along with any other apps?
>
> I would like to have all my boxes log to a single DB where I
> can run ACID
> and  maybe build a custom tool for viewing logs.
>
> -----Original Message-----
> From: agetchel at ...1525... [mailto:agetchel at ...1525...]
> Sent: Saturday, April 14, 2001 11:26 PM
> To: jlewis at ...1831...
> Cc: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Basic questions about snort
>
>
> > Has anyone deployed snort in an enterprise class network?  If
> > so, where did
> > you go to help you get things working?  I am looking to roll
> > snort out and I
> > don't want to reinvent the wheel.  If there isn't one, I will
> > document my
> > experience.
>
> 	We're getting ready to roll out snort on our network, which is
> 'pretty big'. =)  Unfortunately, I have not yet documented
> anything that I
> can release to the world without releasing 'too much'
> information about our
> internal network.  However, I'm going to be writing a
> document explaining
> our findings about Snort vs Other IDS's.  I'll send a message
> to the list
> with a link to the doc when it's done.  In the mean time, do
> you have any
> specific questions?
>
> Thanks,
> Abe
>
> Abe L. Getchell - Security Engineer
> Division of System Support Services
> Kentucky Department of Education
> Voice   502-564-2020x225
> E-mail  agetchel at ...1525...
> Web     http://www.kde.state.ky.us/
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>





More information about the Snort-users mailing list