[Snort-users] Use Snort to document usage?
mdiwan at ...200...
Sun Oct 14 19:41:02 EDT 2001
Interesting idea .. but I would leave the Snort IDS to run
you could conceivably create rules that log source and destination
activity to and from a particular IP or IP-range in snort.. BUT, why
bother when a tool such as ntop already does all this and more ..
try ntop to monitor the traffic stats.. and create general policy based
on its results: that's what it was made for.
Then use snort to fine tune your firewall.. THAT is a very good reason
to use an IDS.
Rich Adamson wrote:
> I'm looking for a realistic way to identify communications to/from
> a small set of systems that share a single ethernet segment, and use
> that usage data to install/configure a firewall. These critical
> systems will be isolated behind a firewall, however before installing
> the firewall I'd like to identify/document all current activity and
> configure the initial firewall rules to support appropriate usage.
> The systems are AIX, X11, IP, etc.
> I can certainly use Sniffers to monitor activity over some lengthy
> period of time, however I'm wondering if snort might be able to
> accomplish the task in some manner.
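Added example, not part of the original messages: whichever tool collects the traffic, the documentation step discussed above ends with reducing observed connections to a short list of services that cross the planned firewall. The sketch below assumes a hypothetical one-line-per-connection record format ("proto src sport dst dport", taken from the packet that opens each connection) and a placeholder protected range; the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: the segment to be placed behind the firewall (placeholder range).
PROTECTED = ipaddress.ip_network("192.0.2.0/28")

# Constructed sample: one record per connection-opening packet
# (TCP SYN or first UDP datagram), as "proto src sport dst dport".
SAMPLE = """\
tcp 198.51.100.7 40112 192.0.2.5 23
tcp 198.51.100.7 40113 192.0.2.5 23
tcp 198.51.100.9 51544 192.0.2.5 6000
udp 192.0.2.5 33012 203.0.113.53 53
tcp 192.0.2.6 45001 192.0.2.5 514
bogus line
"""

def summarize(text, protected=PROTECTED):
    """Group openers by direction and service; return {key: set(peers)}."""
    services = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records instead of guessing
        proto, src, _sport, dst, dport = parts
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        s_in, d_in = s in protected, d in protected
        if s_in == d_in:
            continue  # intra-segment or unrelated: never crosses the firewall
        direction = "inbound" if d_in else "outbound"
        # Key on the server side (destination of the opener); the source
        # port is ephemeral and is deliberately ignored.
        services[(direction, proto, str(d), port)].add(str(s))
    return dict(services)

def report(services):
    """One candidate-rule line per service, sorted for human review."""
    return [f"{dirn:8} {proto} -> {host}:{port}  peers={','.join(sorted(peers))}"
            for (dirn, proto, host, port), peers in sorted(services.items())]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE))))
```

Each output line is a candidate for review, not a rule to install as-is: a service seen during the observation window is not necessarily one that should be permitted.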