[Snort-users] OT: Traffic monitoring?
peter.bates at ...79...
Wed May 16 12:06:43 EDT 2001
I've been happily snorting away now for months,
but have recently been concerned that my system
(for one reason or another) is not incredibly loaded...
Because of this, I wondered if I could turn my snort box
(just running 1.7, on tweaked RH Linux 6.2, and uploading
to the ARIS system hourly) to a spot of 'traffic monitoring'...
At present using port mirroring I've got all my external
traffic passing by eth1 and being snorted... does anyone
know or recommend any programme/system to do some degree
of top hosts/most popular port sort of analysis?
I've got assorted lists, ntop, trafshow, etc. etc.
but I wondered if anyone out there was pressing
an (under-abused) snort box toward another task?
More information about the Snort-users