[Snort-users] Snort to monitor several servers
G Ramon Gomez
gene at ...13522...
Tue Dec 6 17:45:01 EST 2005
With these three items, you should get a combined network and host-based
view of the current intrusion status of your network:
* Install Prelude-Manager on a single server, and configure all of your
IDS components to report to it.
* Place a NIDS/Snort at any point of ingress/egress to your network.
* On UNIX, install Prelude-LML and Samhain on any host that specificly
needs to be protected. On Windows, install NTSyslog, and configure it
to report back to a system that runs Prelude-LML for log parsing.
Jacob Friis Saxberg wrote:
>The most important thing for us is to check if someone breaks in and
>read our sensitive data.
>What would you recommend for that?
More information about the Snort-users