[Snort-users] ideal setup

Keith Young kyoung at ...6513...
Wed Aug 7 14:29:06 EDT 2002


Robert Cole wrote:

> Ok lets go for a not so dream setup. How about snort running on the firewall 
> machine and sending its logs to a syslog server. That a decent setup if the 
> syslog server is heavily protected as well?

Robert,

I wouldn't run Snort on the firewall for two reasons:
	* Snort will put the interfaces into promiscuous mode
	* running extra services usually isn't a good idea

What about running a Snort box outside and a Snort box inside which 
sends log data to the syslog server in the DMZ?

-- 

-- 
--Keith Young
-kyoung at ...6513...






More information about the Snort-users mailing list