[Snort-users] ideal setup
robert at ...6550...
Wed Aug 7 13:49:05 EDT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Ok lets go for a not so dream setup. How about snort running on the firewall
machine and sending its logs to a syslog server. That a decent setup if the
syslog server is heavily protected as well?
On Wednesday 07 August 2002 11:12 am, quentyn at ...3871... wrote:
> Robert Cole wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > Whats the ideal setup for snort? I'm just now getting into it and reading
> > up on it and it looks like a good way to go is put snort on the firewall
> > machine and have it log to a syslog server. Correct?
> > Robert
> an ideal set-up would be to have hardware ether taps running to
> dedicated sensors. They feed into db servers ( what ever your poison)
> all running on a separate network not connected to any other network.
> Alerts are via festival ( the voice sysnthsis prog) and SMS (so are one
> way only)
> this is my dream set-up but is not practical in may situations ( though
> it is virtually uncomprimiseable)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Snort-users