[Snort-users] Snort and topology

Joel Esler eslerj at ...11827...
Wed Apr 8 08:11:06 EDT 2009


So you have two sites, how are they connected to each other?
Does all internet traffic go through one site, or both sites?

Joel

On Wed, Apr 8, 2009 at 5:42 AM, Emmanuel Lesouef <e.lesouef at ...14546...> wrote:
> Hi,
>
> I'm currently planning to deploy snort (which I already did on one
> server) but I would like to build sort of a network of nids.
>
> I'm explaining. We use several vlans and geographically different site.
> I don't know exactly how to make my snort network be the best as I
> could considering this topology :
>
> Site1 <-> Primary Site <-> Site 2
>
> I was thinking about having snort on each site but the primary one be
> considered as the "monitoring" one, as if it was aggregating data
> collected and analysed on distant sites.
>
> Can someone give some advice about this sort of deployment ? Is it
> possible to configure a network of nids ?
>
> Thanks for all the infos you can give.
>
> --
> Emmanuel Lesouef
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by:
> High Quality Requirements in a Collaborative Environment.
> Download a free trial of Rational Requirements Composer Now!
> http://p.sf.net/sfu/www-ibm-com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
joel esler | Sourcefire | gtalk: jesler at ...1935... | 302-223-5974




More information about the Snort-users mailing list