[Snort-users] RE: Quick poll: favorite snort config?
ppetriz at ...3815...
Fri Jan 10 06:11:04 EST 2003
Simple: Snort + Snortsnarf + swatch
I'm snorting the link between my private network and an external WAN network
(private too, but not mine)
It's a low traffic link so I don't need big things. The layout is something
External net ---- Firewall --------- switch ---- Internal net
hub -- (1)snort(2)--´
Snort box has 2 NICs: (1) listening, IP-less, stealth; and (2) internal net
IP range for monitoring.
I use swatch to alert me via e-mail and snortsnarf to watch the logs with a
I know it's not the best for all, but it's more than enough for my
And besides... there's not a "best for all" solution, there's a best for you.
Hope that helps!!!
> Date: Thu, 9 Jan 2003 13:13:17 -0800
> From: Benjamin Feen <benjy at ...7961...>
> To: snort-users at lists.sourceforge.net
> Reply-To: Benjy Feen <benjy at ...7961...>
> Subject: [Snort-users] Quick poll: favorite snort config?
> I'm getting ready to deploy a snort-based IDS, and I'm evaluating
> various optional components to see if I want to use them. Anyone want
> to share a quick summary of how their system's configured?
> I'd be happy
> just to see something like:
> Snort 1.9 logging to barnyard with mysql and ACID
> Anything you'd like to contribute would be great!
> Benjamin Feen