[Snort-users] ideal setup

Robert Cole robert at ...6550...
Wed Aug 7 22:59:02 EDT 2002

Hash: SHA1

I'm a network engineer by trade and I'm doing this on my home network of 
computers as a learning point to really get familier with it.

I'll probably try this in a couple of different configs.

I just wanted to get an idea of the sorts of things I'm looking for and have 
some ideas rolling around in my head before I get in extremely deep to 
howto's and docs. If I don't have some idea of why and how in my head already 
my eyes glaze over reading docs for just the sake of learning. :) I have to 
have a point and reason to read em then I have DRIVE! :)

Thanks everyone for your input. Very much appreciated. I'm sure I'll be back 
with some brutal questions in few days or after linuxworld. :)


On Wednesday 07 August 2002 02:28 pm, Keith Young wrote:
> Robert Cole wrote:
> > Ok lets go for a not so dream setup. How about snort running on the
> > firewall machine and sending its logs to a syslog server. That a decent
> > setup if the syslog server is heavily protected as well?
> Robert,
> I wouldn't run Snort on the firewall for two reasons:
> 	* Snort will put the interfaces into promiscuous mode
> 	* running extra services usually isn't a good idea
> What about running a Snort box outside and a Snort box inside which
> sends log data to the syslog server in the DMZ?
Version: GnuPG v1.0.7 (GNU/Linux)


More information about the Snort-users mailing list