[Snort-users] ideal setup
robert at ...6550...
Wed Aug 7 22:59:02 EDT 2002
-----BEGIN PGP SIGNED MESSAGE-----
I'm a network engineer by trade and I'm doing this on my home network of
computers as a learning point to really get familier with it.
I'll probably try this in a couple of different configs.
I just wanted to get an idea of the sorts of things I'm looking for and have
some ideas rolling around in my head before I get in extremely deep to
howto's and docs. If I don't have some idea of why and how in my head already
my eyes glaze over reading docs for just the sake of learning. :) I have to
have a point and reason to read em then I have DRIVE! :)
Thanks everyone for your input. Very much appreciated. I'm sure I'll be back
with some brutal questions in few days or after linuxworld. :)
On Wednesday 07 August 2002 02:28 pm, Keith Young wrote:
> Robert Cole wrote:
> > Ok lets go for a not so dream setup. How about snort running on the
> > firewall machine and sending its logs to a syslog server. That a decent
> > setup if the syslog server is heavily protected as well?
> I wouldn't run Snort on the firewall for two reasons:
> * Snort will put the interfaces into promiscuous mode
> * running extra services usually isn't a good idea
> What about running a Snort box outside and a Snort box inside which
> sends log data to the syslog server in the DMZ?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Snort-users