[Snort-users] RE: Quick poll: favorite snort config?

Petriz, Pablo ppetriz at ...3815...
Fri Jan 10 06:11:04 EST 2003


Simple: Snort + Snortsnarf + swatch
I'm snorting the link between my private network and an external WAN network
(private too, but not mine).
It's a low traffic link so I don't need big things. The layout is something
like this:

External net ---- Firewall --------- switch ---- Internal net
                     |                  |
                     |                  |
                    hub -- (1)snort(2)--´
                     |
                     |
                  DMZ net

Snort box has 2 NICs: (1) listening, IP-less, stealth; and (2) internal net
IP range for monitoring.
I use swatch to alert me via e-mail and snortsnarf to watch the logs with a
browser.
I know it's not the best for all, but it's more than enough for my
environment.
And besides... there's not a "best for all" solution, there's a best for you.
Hope that helps!!!


PABLO

> Date: Thu, 9 Jan 2003 13:13:17 -0800
> From: Benjamin Feen <benjy at ...7961...>
> To: snort-users at lists.sourceforge.net
> Reply-To: Benjy Feen <benjy at ...7961...>
> Subject: [Snort-users] Quick poll: favorite snort config?
> 
> Hiya,
> 
> I'm getting ready to deploy a snort-based IDS, and I'm evaluating
> various optional components to see if I want to use them. Anyone want
> to share a quick summary of how their system's configured? I'd be happy
> just to see something like:
> 
> Snort 1.9 logging to barnyard with mysql and ACID 
> 
> Anything you'd like to contribute would be great!
> 
> Benjamin
> 
> --
> Benjamin Feen
> benjamin(AT)feen.com
> http://www.monkeybagel.com
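
The alert-to-e-mail stage of the setup described in the reply above, sketched in Python as an added example that is not part of the original post or of swatch itself: it parses Snort fast-format alert lines and picks the ones worth a mail, suppressing repeats. The fast alert format, the priority cutoff, the throttle window, the year and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Snort "fast" alert line: timestamp, [gid:sid:rev], message, optional
# classification, priority, protocol, source -> destination.
FAST_ALERT = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def parse_alert(line, year=2003):
    """Return a dict for one fast-alert line, or None if it does not match."""
    m = FAST_ALERT.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    # Fast alerts carry no year, so the caller supplies one (assumption).
    alert["time"] = datetime.strptime(f"{year}/{alert['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    alert["prio"] = int(alert["prio"])
    return alert

def select_for_mail(lines, max_prio=2, throttle=timedelta(minutes=10)):
    """Return alerts worth mailing: priority <= max_prio, at most one per
    (sid, source host) inside the throttle window."""
    last_sent, selected = {}, []
    for line in lines:
        alert = parse_alert(line)
        if alert is None or alert["prio"] > max_prio:
            continue  # unparsable line or low-severity alert
        key = (alert["sid"], alert["src"].rsplit(":", 1)[0])  # drop the port
        prev = last_sent.get(key)
        if prev is not None and alert["time"] - prev < throttle:
            continue  # same signature from the same host, already reported
        last_sent[key] = alert["time"]
        selected.append(alert)
    return selected

# Constructed sample alerts (documentation addresses), not real traffic.
SAMPLE = """\
01/10-06:01:02.000001  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:3345 -> 10.0.0.5:80
01/10-06:03:10.000002  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:3350 -> 10.0.0.5:80
01/10-06:04:00.000003  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.77 -> 10.0.0.5
01/10-06:05:00.000004  [**] [1:408:4] ICMP Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.0.2.77
01/10-06:20:00.000005  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:3400 -> 10.0.0.5:80
""".splitlines()
```

On a low-traffic link like the one described, throttling per signature and source host keeps a single noisy host from flooding the mailbox while a repeat after the window still gets reported.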



