[Snort-users] Snort alerts to SNMP

Rafeeq Rehman rr at ...7389...
Wed May 21 19:23:11 EDT 2003

Depends upon the environment. Usually the goal of monitoring business
production systems is to keep an eye on things which are critical to routine
business operation (databases, routers, etc.). As a matter of principle,
monitoring of security devices should be separate from monitoring of, for
example, an Oracle server. Other opinions are welcome.

----- Original Message ----- 
From: "Roy S. Rapoport" <snort-users at ...9230...>
To: <snort-users at lists.sourceforge.net>
Sent: Wednesday, May 21, 2003 9:26 PM
Subject: Re: [Snort-users] Snort alerts to SNMP

> On Wed, May 21, 2003 at 09:00:52PM -0400, Rafeeq Rehman wrote:
> > I don't have experience with Nagios but it works very well with HP
> > (I tested with Network Node Manager). Yes, you can do some trend
> > based upon traps/alerts. However, I don't recommend merging Snort data into
> > any production network monitoring system. False alarms do occur, which
> > panic operators in a production environment.
> I'm not sure I understand -- if you're using Snort as an IDS (Intrusion
> Detection System) shouldn't you be panicking, or at least responding
> vigorously, in the case of an alarm?
> -roy
