[Snort-users] IDS Topology
erek at ...950...
Thu Jan 9 21:37:02 EST 2003
On Thu, 9 Jan 2003, Saul Bosquez wrote:
> I'm runnin' Red Hat 7.3 on a Compaq ProLiant server and I'm trying to
> install Snort 1.8.7 on it.
> On the setup guide in the conceptual IDS topology section, there are 3
> sensors and a centralized ACID, MySQL database.
> If I'm only using one sensor, maybe it would be easier to have the sensor
> and the database on the same machine and deploy it outside the
> firewalled network. What do you think, guys?

Well... There are better ways to do it, IMHO. :)
If you have your sensor and DB on the same box, you're having to share
resources with Snort. Depending on your traffic, that could be a very bad
thing. If you have the spare box, place a sensor interface (stealth)
outside of your FW and log to a DB box on the inside.
If you don't have a spare box.... Well, do the best you can. :) Or
'borrow' one from someone's desk. ;-P
"When things get weird, the weird turn pro." H.S. Thompson