[Snort-users] Enterprise deployment

Tony Scalzitti tony at ...4540...
Thu Jan 31 14:51:08 EST 2002


Yes, by logging to a central database (you could also use the win32 front
end I wrote :) ).  I am not sure if you could use the SSL mysql option if
you are concerned about the data going across the wire.  I used Stunnel - it
allows you to set up two daemons and forward traffic between them.  I have
the snort sensor configured to send alerts to the localhost on an unused
port, this in turn forwards via an SSL tunnel to the database server, and
that daemon unwraps the "package" and sends it to the localhost on the mysql
port.

There is also the option to run some of the perl scripts available to grab
the alert file(s) every so often and merge them - then run snortsnarf to
create reports.  This is really only good if you only want to check the
remote sensors once or twice a day.

-T
http://security.scalzitti.org
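
The tunnel layout described in the message above, written as two stunnel configuration files. This is an added example, not part of the original message; it uses the configuration-file syntax of current stunnel 5.x releases, and the host name `db.example.org`, ports 3307/3308, credentials and file paths are all assumptions.

```ini
; ---- Sensor side: /etc/stunnel/snort-client.conf (assumed path) ----
; Snort's database output points at the local end of the tunnel, e.g. in snort.conf:
;   output database: log, mysql, user=snort password=CHANGEME dbname=snort host=127.0.0.1 port=3307
; Use 127.0.0.1 rather than "localhost": MySQL clients treat "localhost" as the
; Unix socket, so the alerts would never reach the tunnel port.
client = yes

[snort-mysql]
; unused local port the sensor writes to
accept = 127.0.0.1:3307
; TLS listener on the database server (assumed name and port)
connect = db.example.org:3308
; verify the server certificate and its host name before sending any alert data
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = db.example.org

; ---- Database side: /etc/stunnel/snort-server.conf (assumed path) ----
[snort-mysql]
; TLS port exposed to the sensors
accept = 3308
; unwrap and hand the plain MySQL stream to the local server
connect = 127.0.0.1:3306
cert = /etc/stunnel/db-server.pem
key = /etc/stunnel/db-server.key
```

With this layout MySQL itself can be bound to 127.0.0.1 on the database host, so only the stunnel port is reachable from the branch sensors.
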


----- Original Message -----
From: "Frank" <la at ...4425...>
To: <snort-users at lists.sourceforge.net>
Sent: Thursday, January 31, 2002 4:44 PM
Subject: Re: [Snort-users] Enterprise deployment


> Have snort log to a database.
>
> You can do this with a nice web interface in Demarc and ACID.
>
>
> On Thu, 31 Jan 2002, snortlst snortlst wrote:
>
> > I run snort in our local office but we would like to try it for a couple of
> > other branches. Is it possible in some way to configure snort to monitor
> > remote sensors, like here in Toronto I would have a central console or
> > database repository for the sensors running in Ottawa and Calgary?
>
>