[Snort-users] Multiple Snort Sensors HOWTO

twig les twigles at ...131...
Thu Jul 11 09:51:09 EDT 2002


I like the doc.  Actually I'm considering (seriously
considering) scripting the installation of a few
sensors and a viewing station.  In my mind's eye
(which is the only place this exists right now)
someone could install FreeBSD on, say, 5 boxes and
plug them all into one offline hub.  4 would be
minimal installs and one would have X.  From the one
with X you could launch the scripts, which would
probably be Expect since they would have to SSH and do
other interactive things.

There are some obvious problems (how do you use the
ports if you aren't online?) and I am not ready to
start this right now, but you asked....


--- Andrea Barisani <lcars at ...96...> wrote:
> Hi to all!
> 
> I've just put a simple HOWTO regarding Multiple
> Snort Sensors at
> http://www.infis.univ.trieste.it/~lcars/ids.
> 
> The document is VERY very simple (I've completed it
> in one hour) and 
> it is intended as a start for further discussion,
> every contribution 
> is welcome and the document is entirely open.
> 
> I have covered manual configuration of snort sensors
> controlled by a
> management server.
> 
> Hope that you'll find some good ideas.
> 
> Let me know what you think :)
> 
> Bye
> 
> P.S.
> Is there anyone who has ever thought about automating
> something like this 
> in order to create a master+sensor distribution
> project, maybe a huge Gentoo 
> ebuild :)...just wondering.
> 
> ------------------------------------------------------------
> INFIS Network Administrator & Security Officer         .*.
> Department of Physics       - University of Trieste    /V\
> lcars at ...96... - PGP Key 0x8E21FE82                 (/ \)
> ----------------------------------------------------  (   )
> "How would you know I'm mad?" said Alice.              ^^-^^
> "You must be,'said the Cat,'or you wouldn't have come here."
> ------------------------------------------------------------


=====
-----------------------------------------------------------
All warfare is based on deception.
-----------------------------------------------------------
