[Snort-users] ideal setup
kyoung at ...6513...
Wed Aug 7 14:29:06 EDT 2002
Robert Cole wrote:
> Ok lets go for a not so dream setup. How about snort running on the firewall
> machine and sending its logs to a syslog server. That a decent setup if the
> syslog server is heavily protected as well?
I wouldn't run Snort on the firewall for two reasons:
* Snort will put the interfaces into promiscuous mode
* running extra services usually isn't a good idea
What about running a Snort box outside and a Snort box inside which
sends log data to the syslog server in the DMZ?
-kyoung at ...6513...
More information about the Snort-users