[Snort-users] Snort and topology
e.lesouef at ...14546...
Wed Apr 8 08:16:51 EDT 2009
Each site are geographically distinct, one is very near ther primary
one, so it's wireless connected (~40Mbps), and the other one is
connected through an SDSL (100MBps).
Each of them are routed through the primary one as it is the only one
that has a internet connection.
My goal is to have a part of the work done on site 1 and 2 and the
results aggregated in sort of a "management console" on the primary
site (this "management console" would also be the Snort NIDS for the
Dunno if I'm clear enough :)
Thanks for your answer.
Le Wed, 8 Apr 2009 08:11:06 -0400,
Joel Esler <eslerj at ...11827...> a écrit :
> So you have two sites, how are they connected to each other?
> Does all internet traffic go through one site, or both sites?
> On Wed, Apr 8, 2009 at 5:42 AM, Emmanuel Lesouef <e.lesouef at ...14546...>
> > Hi,
> > I'm currently planning to deploy snort (which I already did on one
> > server) but I would like to build sort of a network of nids.
> > I'm explaining. We use several vlans and geographically different
> > site. I don't know exactly how to make my snort network be the best
> > as I could considering this topology :
> > Site1 <-> Primary Site <-> Site 2
> > I was thinking about having snort on each site but the primary one
> > be considered as the "monitoring" one, as if it was aggregating data
> > collected and analysed on distant sites.
> > Can someone give some advice about this sort of deployment ? Is it
> > possible to configure a network of nids ?
> > Thanks for all the infos you can give.
> > --
> > Emmanuel Lesouef
More information about the Snort-users