[Snort-users] Multiple sensors ???
Snort at ...13151...
Tue Mar 22 06:58:32 EST 2005
The setup of your snort instance is very crucial; it will determine if
you will receive too many alerts or not enough (what you're experiencing
now). The setup of your snort install pretty much consists of: if it is
Windows or Linux, if you are monitoring a single host or monitoring a
network through a span port or hub or tap, and the biggest of all is your
snort.conf configuration. Logging your snort alerts to a mysql db on a
different server is not a factor for only getting a few alerts, unless
you have some serious internal network or host issues (which is
feasible). If you are monitoring a single host, meaning snort is
installed on your web server or smtp server, it will only capture and
analyze traffic going to and from that server, with the rules you
specify to look for. The key elements in your snort.conf file are:
- External_net and home_net variables
- Output variable - where you want it to log to and how
- Rules - the rules at the bottom that you specify snort to analyze

If you're getting some alerts logged, that means most of the above is
correct. The next question is, how do you have snort installed? And how
are you watching the traffic?
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Salil D.
Posted At: Tuesday, March 22, 2005 7:00 AM
Posted To: Snort
Conversation: [Snort-users] Multiple sensors ???
Subject: [Snort-users] Multiple sensors ???
I am trying to implement multiple sensors for snort NIDS
presently I have only one sensor configured
my database is on different machine on LAN
the packets are being sensed but only few of them are being logged to
any help will be appreciated
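
The reply above names three things to check in snort.conf: the network variables, the output line, and the rule includes. The following is an added example, not part of either message and not Snort project code, that summarises those three elements for one sensor. It assumes Snort 2.x `var` / `output` / `include` syntax, and the sample configuration, addresses and names in it are constructed placeholders.

```python
import re

# Constructed sample in Snort 2.x syntax; every address, name and credential is a placeholder.
SAMPLE_CONF = """\
var HOME_NET 192.0.2.0/24
var RULE_PATH ../rules
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=192.0.2.10 sensor_name=sensor1
include classification.config
include $RULE_PATH/web-attacks.rules
# include $RULE_PATH/scan.rules
#include $RULE_PATH/smtp.rules
"""

def audit_snort_conf(text):
    """Summarise the network variables, output plugins and rule includes in a snort.conf."""
    variables, outputs, enabled, disabled = {}, [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"#\s*include\s+(\S+\.rules)$", line):
            disabled.append(m.group(1))      # rule file present but switched off
        elif not line or line.startswith("#"):
            continue
        elif m := re.match(r"var\s+(\S+)\s+(.+)$", line):
            variables[m.group(1)] = m.group(2)
        elif m := re.match(r"output\s+(\w+)\s*:?\s*(.*)$", line):
            # keep key=value options (host, sensor_name, ...) but never echo the password
            opts = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
            opts.pop("password", None)
            outputs.append((m.group(1), opts))
        elif m := re.match(r"include\s+(\S+\.rules)$", line):
            enabled.append(m.group(1))
    findings = [f"{v} is not defined" for v in ("HOME_NET", "EXTERNAL_NET") if v not in variables]
    if not outputs:
        findings.append("no output plugin is configured")
    if not enabled:
        findings.append("no rule files are included")
    if disabled:
        findings.append(f"{len(disabled)} rule file(s) commented out: {', '.join(disabled)}")
    return {"variables": variables, "outputs": outputs,
            "enabled_rules": enabled, "findings": findings}

if __name__ == "__main__":
    report = audit_snort_conf(SAMPLE_CONF)
    print("outputs:", report["outputs"])
    for finding in report["findings"]:
        print("check:", finding)
```

Running it against each sensor's own snort.conf and comparing the reports shows whether the sensors differ in variables, database host, sensor name or enabled rule files.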