[Snort-users] Use Snort to document usage?

Rich Adamson radamson at ...2127...
Sun Oct 14 19:18:01 EDT 2001


I'm looking for a realistic way to identify communications to/from
a small set of systems that share a single ethernet segment, and use
that useage data to install/configure a firewall.  These critical
systems will be isolated behind a firewall, however before installing
the firewall I'd like to identify/document all current activity and
configure the initial firewalls rules to support appropriate usage.
The systems are AIX, X11, IP, etc.

I can certainly use Sniffers to monitor acitivity over some lengthy 
period of time, however I'm wondering if snort might be able to 
accomplish the task in some manner.

Thoughts???

Rich





More information about the Snort-users mailing list