[Snort-users] Best way to deploy snort
Kum Weng Luey
kumwengluey at ...11827...
Tue Apr 6 21:42:48 EDT 2010
Yet another question. I tried installing barnyard2, but somehow it's not pushing
data to the mysql server. However, when I shut down barnyard2, packages are being
read from the spool or .alert files. I have copied my configurations from
barnyard to barnyard2. Why is this so?
Thank you, Paul, for answering my initial query.
On Wed, Apr 7, 2010 at 2:48 AM, Paul Schmehl <pschmehl_lists at ...14358...> wrote:
> --On Tuesday, April 06, 2010 09:51:40 +0800 Kum Weng Luey <
> kumwengluey at ...11827...> wrote:
>> Hi all,
>> I was wondering what would be the optimal setting to deploy snort with
>> and barnyard.
> 1) Don't use barnyard. Use barnyard2.
>> I am thinking of separating the mysql database from snort
>> itself and place it on a remote server.
> That's up to you. Either way will work. Depending upon how much
> horsepower your box has (cpu and memory) snort and mysql can coexist on the
> same box.
>> I am wondering do I need to have an
>> additional interface for snort ? One interface for sniffing and the other
>> push alerts to the mysql server.
> Yes. One interface for passive sniffing, and one interface for management
> of the box. It doesn't matter if mysql is local or remote. You will still
> need two interfaces.
>> One last question: Would snort be better off being placed in the DMZ to
>> incoming traffic or within the internal LAN between the router and the
> That depends entirely upon your network topology and what you want to
> monitor. Snort will "see" whatever traffic passes its passive interface.
> What traffic that is depends upon what you are trying to accomplish.
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson