AW: [Snort-users] Enterprise deployment

Poppi, Sandro Sandro.Poppi at ...3316...
Sun Feb 3 07:41:04 EST 2002


I'm currently searching for information about a global enterprise deployment
of Snort sensors over WAN links. I know there is support for MySQL logging
and analysis with ACID, but what I want to have is something like commercial
IDS have: at each location there is one central point to summarize all
events and send them to a central enterprise MySQL database on which ACID
will work. So there is no need for every sensor to report to the central db
but only the "event summarizer". The connection between the summarizers and
the central db should be encrypted.

Did anyone already deploy such an environment and, if yes, how did you do it
exactly (which tools, scripts, OS, ...)? I would prefer a Linux solution,
although other OSes might be OK too ;)

