[Snort-users] Snort and topology

Emmanuel Lesouef e.lesouef at ...14546...
Wed Apr 8 08:16:51 EDT 2009


Each site are geographically distinct, one is very near ther primary
one, so it's wireless connected (~40Mbps), and the other one is
connected through an SDSL (100MBps).

Each of them are routed through the primary one as it is the only one
that has a internet connection.

My goal is to have a part of the work done on site 1 and 2 and the
results aggregated in sort of a "management console" on the primary
site (this "management console" would also be the Snort NIDS for the
primary site.

Dunno if I'm clear enough :)

Thanks for your answer.

Le Wed, 8 Apr 2009 08:11:06 -0400,
Joel Esler <eslerj at ...11827...> a écrit :

> So you have two sites, how are they connected to each other?
> Does all internet traffic go through one site, or both sites?
> 
> Joel
> 
> On Wed, Apr 8, 2009 at 5:42 AM, Emmanuel Lesouef <e.lesouef at ...14546...>
> wrote:
> > Hi,
> >
> > I'm currently planning to deploy snort (which I already did on one
> > server) but I would like to build sort of a network of nids.
> >
> > I'm explaining. We use several vlans and geographically different
> > site. I don't know exactly how to make my snort network be the best
> > as I could considering this topology :
> >
> > Site1 <-> Primary Site <-> Site 2
> >
> > I was thinking about having snort on each site but the primary one
> > be considered as the "monitoring" one, as if it was aggregating data
> > collected and analysed on distant sites.
> >
> > Can someone give some advice about this sort of deployment ? Is it
> > possible to configure a network of nids ?
> >
> > Thanks for all the infos you can give.
> >
> > --
> > Emmanuel Lesouef



-- 
Emmanuel Lesouef




More information about the Snort-users mailing list