[Snort-users] Snort in a H.A. environment.

Glenn Forbes Fleming Larratt glratt at ...604...
Mon Jan 20 06:17:02 EST 2003


Since your configuration already apparently meets your needs with a full
load going through firewall *and* IDS, why not simply run Snort in both
places all the time?

Active node - traffic, hits on rules, recording/alerting/whatever, no problem.
Standby node - no traffic, no hits on rules, no problem.

	-g

On Mon, 20 Jan 2003, Federico Lombardo wrote:

> Hi all, I've a stupid problem.
>
> I've in a production scenario a checkpoint Firewall-1 Cluster-XL Firewall in
> Active-StandBy configuration.
>
>
> On the active Node-1 (active) i wanna run snort, and no problems with this.
> The problema I want to solve is:
>
> How I can make possible to start snort on the other Node-2 when it became
> active, and how to stop snort in Node-1 when it became standby ???
>
>
> Every solution is appreciated.
>
>
> Regards,
>
>
> Federico
>
>
> -------------------------------------------------------
> This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
> are you planning your Web Server Security? Click here to get a FREE
> Thawte SSL guide and find the answers to all your  SSL security issues.
> http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>

				Glenn Forbes Fleming Larratt
				Rice University Network Management
				glratt at ...604...





More information about the Snort-users mailing list