[Snort-users] Intel 510 and Snort?

Vitaly Fedrushkov willy at ...3665...
Tue Oct 2 04:17:02 EDT 2001


Good $daytime,

> Date: Mon, 1 Oct 2001 11:38:20 -0500 (CDT)
> From: Nate Carlson <natecars at ...1175...>
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Intel 510 and Snort?

> Anyone know if it's possible to configure a Cisco-style 'Span' on an Intel
> 510 switch?

> All I can find is port mirroring, and that's considered a 'diagnostic'
> tool on the Intel switch.. changes aren't saved on a reboot.  :(

Well, you can write an expect script (use 'autoexpect' if you are new
to it) which should telnet into switch and do the task.

Regarding when one should run it, there are three options.  Dumb one
is to set up a cron job.  If you can safely assume your switch is
starting first, then it belongs to your server (or Snort itself)
startup sequence.  And vice versa, if your switch gets reset every so
often, you can monitor your syslog waiting for DHCP discovery and
then...

Bad news, however, are that such script will contain administrative
password for device.

Hope this helps.

  Regards,
  Willy.

--
No easy hope or lies        | Vitaly "Willy the Pooh" Fedrushkov
Shall bring us to our goal, | Control Systems and Processes Division
But iron sacrifice          | LUKOIL Company, Chelyabinsk Branch
Of Body, Will and Soul.     | willy at ...3665...  +7 3512 620367
                  R.Kipling | VVF1-RIPE






More information about the Snort-users mailing list