FW: [Snort-users] Remote packet sniffing?
CMartin at ...9696...
Thu Jul 24 12:57:03 EDT 2003
From: Martin, Chris
Sent: Thursday, July 24, 2003 12:56 PM
To: 'Michael Bowman'
Subject: RE: [Snort-users] Remote packet sniffing?
Glad to help Michael. And yep, they will insert into a MySQL db on Linux :-)
But I have only tested on the Ethernet connections on my computer (which
generally I'm not at all the time). So I don't know how well a snort sniffer
on your primary NIC (or modem I believe in this case) at 56k will work. It's
possible that it will miss packets and possibly miss reporting to the main
server. Never really ran snort on 56k connection.
From: Michael Bowman [mailto:michaelb at ...9721...]
Sent: Thursday, July 24, 2003 12:01 PM
To: CMartin at ...9696...
Subject: RE: [Snort-users] Remote packet sniffing?
Thanks Chris! I'll grab the Windows version as well and look
into the archives for that. Our WAN to 5 of seven locations is only running
at 56k, and it's pretty stressed as it is. Management I think has finally
decided to up it a little in the near future... I wonder if the Windows
versions can insert into the MySQL db on the Linux machine?
From: CMartin at ...9696... [mailto:CMartin at ...9696...]
Sent: Thursday, July 24, 2003 1:38 PM
To: michaelb at ...9721...
Cc: Snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Remote packet
Well you can set up the win snort node to run as a
service, which will enable you to run snort without admin login. As for
batch processing the finding of the windows nodes, I am personally unaware
of an option for snort to do that. Real time report is very, very nice.
For information on how to set up snort as a service (there is an option to set
up as a service with the windows snort version, but it generally does work
or needs tweaking) look in the archives for this emailing list. There were
some great ways posted not too long ago. I hope that helps ya!
Snorting for 4 months and lovin it!
From: Michael Bowman [mailto:michaelb at ...9721...]
Sent: Thursday, July 24, 2003 11:30 AM
To: 'Snort-Users (E-mail)'
Subject: [Snort-users] Remote packet
I'm one of those "new guys" here
with some experience with Linux (though I've had to refresh lately as it's
been a while). I'm over our networks here where I work, and it's a
distributed place with 7 remote locations connected by frame. I've been
asked to monitor the network at every site, something like a packet monitor
would fit the bill. I've got Snort up and running on a RH 9 system, logging
to MySQL and with ACID. Besides one other Unix machine, this is the only
*nix machine within our organization.
So... are there remote Win agents
that I can use to collect packets and report them to snort without requiring
administrative login? Honestly, I wouldn't need this real time, but just
store it and send it to my Linux machine every night for me to look at in the
morning (or I could learn to write rules for Snort and have it do it...) Am
I working too hard on this?
Thanks guys (and gals?)