[Snort-users] Snort and topology

Emmanuel Lesouef e.lesouef at ...14546...
Wed Apr 8 05:42:16 EDT 2009


I'm currently planning to deploy snort (which I already did on one
server) but I would like to build sort of a network of nids.

I'm explaining. We use several vlans and geographically different site.
I don't know exactly how to make my snort network be the best as I
could considering this topology :

Site1 <-> Primary Site <-> Site 2

I was thinking about having snort on each site but the primary one be
considered as the "monitoring" one, as if it was aggregating data
collected and analysed on distant sites.

Can someone give some advice about this sort of deployment ? Is it
possible to configure a network of nids ?

Thanks for all the infos you can give. 

Emmanuel Lesouef

More information about the Snort-users mailing list