[Snort-users] Snort and topology

Joel Esler eslerj at ...11827...
Wed Apr 8 08:18:21 EDT 2009


I would probably have three.  One at each remote site monitoring the
network traffic entering and leaving those sites, then yet another at
the central site watching the traffic going in and out of the
internet.

Joel

On Wed, Apr 8, 2009 at 8:16 AM, Emmanuel Lesouef <e.lesouef at ...14546...> wrote:
> Each site is geographically distinct, one is very near the primary
> one, so it's wireless connected (~40Mbps), and the other one is
> connected through an SDSL (100MBps).
>
> Each of them is routed through the primary one as it is the only one
> that has an internet connection.
>
> My goal is to have a part of the work done on site 1 and 2 and the
> results aggregated in sort of a "management console" on the primary
> site (this "management console" would also be the Snort NIDS for the
> primary site).
>
> Dunno if I'm clear enough :)
>
> Thanks for your answer.
>
> On Wed, 8 Apr 2009 08:11:06 -0400,
> Joel Esler <eslerj at ...11827...> wrote:
>
>> So you have two sites, how are they connected to each other?
>> Does all internet traffic go through one site, or both sites?
>>
>> Joel
>>
>> On Wed, Apr 8, 2009 at 5:42 AM, Emmanuel Lesouef <e.lesouef at ...14546...>
>> wrote:
>> > Hi,
>> >
>> > I'm currently planning to deploy snort (which I already did on one
>> > server) but I would like to build sort of a network of nids.
>> >
>> > I'm explaining. We use several vlans and geographically different
>> > sites. I don't know exactly how to make my snort network the best
>> > I can considering this topology:
>> >
>> > Site1 <-> Primary Site <-> Site 2
>> >
>> > I was thinking about having snort on each site but the primary one
>> > be considered as the "monitoring" one, as if it was aggregating data
>> > collected and analysed on distant sites.
>> >
>> > Can someone give some advice about this sort of deployment ? Is it
>> > possible to configure a network of nids ?
>> >
>> > Thanks for all the infos you can give.
>> >
>> > --
>> > Emmanuel Lesouef
>
>
>
> --
> Emmanuel Lesouef
>



-- 
joel esler | Sourcefire | gtalk: jesler at ...1935... | 302-223-5974



