[Snort-users] Snort alerts to SNMP

Rafeeq Rehman rr at ...7389...
Wed May 21 19:23:11 EDT 2003


Depends upon the environment. Usually the goal of monitoring the business
production systems is to keep an eye on things which are critical to routine
business operation (databases, routers, etc.). As a matter of principle,
monitoring of security devices should be separate from monitoring of, for
example, an Oracle server. Other opinions are welcomed.

----- Original Message ----- 
From: "Roy S. Rapoport" <snort-users at ...9230...>
To: <snort-users at lists.sourceforge.net>
Sent: Wednesday, May 21, 2003 9:26 PM
Subject: Re: [Snort-users] Snort alerts to SNMP


> On Wed, May 21, 2003 at 09:00:52PM -0400, Rafeeq Rehman wrote:
> > I don't have experience with Nagios but it works very well with HP OpenView
> > (I tested with Network Node Manager). Yes, you can do some trend analysis
> > based upon traps/alerts. However, I don't recommend merging Snort data with
> > any production network monitoring system. False alarms do occur which may
> > panic operators in a production environment.
>
> I'm not sure I understand -- if you're using Snort as an IDS (Intrusion
> Detection System) shouldn't you be panicking, or at least responding
> vigorously, in the case of an alarm?
>
> -roy