[Snort-users] Multiple sensors over WAN

Onie Camara neil at ...4898...
Mon Feb 11 20:10:03 EST 2002

Hi guys,

What would be the ideal design/architecture for setting up multiple snort
sensors over a wide area network?

Required/output: centralized management

Let's say we have 5 sites

1.) Is it ideal to have 1 centralized snort mgmt sensor and configure other
sensors to remotely populate the central snort mgmt via sql (such as mysql,
or odbc-ms-sql)?

2.) Or is it ideal to have each sensor have its own db and frontend like
acid or demarc?

3.) Is there a way to modify multiple sensors' rules without having to go to
each sensor?

4.) Please advise me on the best working design with multiple sensors over

Thanks in advance.

