[Snort-users] Snort to monitor several servers

G Ramon Gomez gene at ...13522...
Tue Dec 6 17:45:01 EST 2005


With these three items, you should get a combined network and host-based 
view of the current intrusion status of your network:

* Install Prelude-Manager on a single server, and configure all of your 
IDS components to report to it.
* Place a NIDS/Snort at any point of ingress/egress to your network.
* On UNIX, install Prelude-LML and Samhain on any host that specificly 
needs to be protected.  On Windows, install NTSyslog, and configure it 
to report back to a system that runs Prelude-LML for log parsing.

- Ramon

Jacob Friis Saxberg wrote:

>The most important thing for us is to check if someone breaks in and
>read our sensitive data.
>What would you recommend for that?
>  
>




More information about the Snort-users mailing list