[Snort-users] what's the best setup?
cwhite at ...6062...
Mon Jun 17 07:44:03 EDT 2002
What is the best setup for this network?
I work for a large educational institution. All of our servers are on a
switch, and I am not permitted, by policy, to place a sniffer between
the switch and our router. All of the servers are on the same subnet, a
mix of Unix, Linux, WinNT and Win2k.
I was thinking about installing a "master" Snort box, which would sniff
on its own port and use MySQL to store the data and ACID to present it
through a web interface, and then installing Snort "sensors" on the other
servers and report the data to the "master" server. The only problem
with this is that some of the Win servers are SMP and WinPcap doesn't
like SMP. Is there another way to sniff out these servers without
installing a "sensor" locally (did I miss something in the manual), or am
I just S-O-L?
Suggestions, comments and ideas will be greatly appreciated.