[Snort-users] Enterprise deployment

snortlst snortlst snortlst at ...125...
Fri Feb 1 07:59:12 EST 2002


Just want to make sure that I got it right:
In Toronto there is a snort machine that hosts mysql database.In ottawa
there is a snort machine that monitors their firewall.So you say that it is
possible to configure snort in ottawa to send updates to toronto database
without logging it locally on ottawa, is that right?
Could you tell me which line I should place in Ottawa's snort.conf to send
traffic to Toronto's centralized mysql database?

P.S. What is the meaning of Win32 front end here? Clent that runs remotely?
(Cleant part, but not the whole snort installation?)
thx.
----- Original Message -----
From: "Tony Scalzitti" <tony at ...4540...>
To: "Frank" <la at ...4425...>; <snort-users at lists.sourceforge.net>
Sent: Thursday, January 31, 2002 5:51 PM
Subject: Re: [Snort-users] Enterprise deployment


> Yes, by logging to a central database (you could also use the win32 front
> end I wrote :) ).  I am not sure if you could use the SSL mysql option if
> you are concerned about the data going across the wire.  I used Stunnel -
it
> allows you to set up to deamons and forward traffic between them.  I have
> the snort sensor configured to send alerts to the localhost on a unused
> port, this in turn forwards via a SSL tunnel to the database server, and
> that deamon unwraps the "package" and send it to the localhost on the
mysql
> port.
>
> There is also the option to run some of the perl scripts available to grap
> the alert file(s) every so often and merge them - then run snortsnarf to
> create reports.  This is really only good if you only want to check the
> remote sensors once or twice a day
>
> -T
> http://security.scalzitti.org
>
>
> ----- Original Message -----
> From: "Frank" <la at ...4425...>
> To: <snort-users at lists.sourceforge.net>
> Sent: Thursday, January 31, 2002 4:44 PM
> Subject: Re: [Snort-users] Enterprise deployment
>
>
> > Have snort log to a database.
> >
> > You can do this with a nice web interface in Demarc and ACID.
> >
> >
> > On Thu, 31 Jan 2002, snortlst snortlst wrote:
> >
> > > I run snort in our local office but we would like to try it for a
> copuple of
> > > other branches. Is it possible in some way to conifugre snort to
monitor
> > > remte sensors, like here in Toronto I would have a central console or
> > > datatbase repository for the sensors running in Ottawa and Calgary?
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>




More information about the Snort-users mailing list