[Snort-users] ideal setup

Robert Cole robert at ...6550...
Wed Aug 7 13:49:05 EDT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ok lets go for a not so dream setup. How about snort running on the firewall 
machine and sending its logs to a syslog server. That a decent setup if the 
syslog server is heavily protected as well?

Thanks,
Robert

On Wednesday 07 August 2002 11:12 am, quentyn at ...3871... wrote:
> Robert Cole wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Whats the ideal setup for snort? I'm just now getting into it and reading
> > up on it and it looks like a good way to go is put snort on the firewall
> > machine and have it log to a syslog server. Correct?
> >
> > Robert
>
> an ideal set-up would be to have hardware ether taps running to
> dedicated sensors. They feed into db servers ( what ever your poison)
> all running on a separate network not connected to any other network.
> Alerts are via festival ( the voice sysnthsis prog) and SMS (so are one
> way only)
>
> this is my dream set-up but is not practical in may situations ( though
> it is virtually uncomprimiseable)
>
> Q
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9UYewOWbzte5wVEURAiK4AJ4n5qDOUu/oDmXjYPN0vfmc+XQ9VwCeNe9K
3C0SJYmCwwvQaIh79f9zm6g=
=t0bx
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list