[Snort-users] PLEASE HELP HERE.

vasanth b vasanthjobs at ...125...
Sun Feb 8 19:00:02 EST 2004


I will be implementing IDS using SNORT in our company network infrastructure 
and would be thankfull for some help.After going through all the  documents 
found in snort.org.I have got some doubts in implementing Snort IDS.

1.REGARDING SENSORS:

      Is this sensors r taps compulsory.Can we use snort to monitor using 
span r mirror port in the switch.If sensor necessary where to get it and how 
to place it.
And taps too i found different kinds of taps in the net so plz advice me in 
this regarding.

2.EVENT MONITORING � How to better configure the IDS NIC that will be acting 
as an admin interface, where I will be connecting for event information. 
Should I configure this interface with security to be accessed from the 
Internet or should I configure this interface to be accessed from the LAN 
via the firewall?

3.LOGS � Where should i store all the logs.Should i need  a separate server 
to store all the logs.If not approximately how much space will be required.

4.REPORTING � What is the best way to centralize and access all event 
reporting? What is the best product to accomplish this?


Please be kind to let me know if you have a better approach to any of this 
or if you have any other comments or suggestions.

ADVANCE THANKS FOR ALL WHOEVER HELPS AND GIVES THEIR VALUABLE IDEAS.

Regards,

VASANTH.B

_________________________________________________________________
Gifts for Him & Her. Valentine�s Day.  http://go.msnserver.com/IN/42197.asp 
At MSN Shopping.





More information about the Snort-users mailing list