[Snort-users] Snort to monitor several servers

Dominik Schmid dominik_schmid at ...1171...
Mon Dec 5 12:56:03 EST 2005


If you want an application to controll the alerts for all those servers, 
take a look at snortfocus - snortfocus.org.
It's a mysql extension of the snort database.

With the php-gui, you can join servers to user groups which can control 
the alerts and set filters.


> Jacob,
> Wouldn't a possible solution be to install Snort on each server then 
> have them all report to a central database?
> From your wording, it almost sounds like you're trying to provide 
> protection to individual servers using a NIDS installed on each 
> system.  You may be better off using a HIDS like Samhain to provide 
> individual system protection with NIDS at a few network choke-points, 
> and centralize all of the logging using something like Prelude.
> - Ramon
> Jacob Friis Saxberg wrote:
>> Is it possible to have a Nagios like setup of Snort?
>> We have several servers that all need Snort.
>> How could we solve this in an intelligent way?
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log 
> files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list