[Snort-users] Any using snort on solaris 10 with zones

Greg Cope gregcope at ...11827...
Sat Mar 20 06:07:53 EDT 2010


Hi all,

I have a requirement to monitor "all traffic" (pci req 11).  The vlan  
in question has 2 hosts.  A single windows host (physical) and a  
solaris 10 host run a small number of zones.

I know solaris zones pose a challenge as interzone trafic will not go  
to the wire with shared IP.  Although not ideal interzone traffic  
should be trusted and I am more conceded with exterior traffic.

There are few services to monitor an so the snort config should be  
simple.

Anyone else doing this with snort?  Care to share experiences good or  
bad?  Am I mad or will this work.

Also looking to use something like oosec to do host integrity and log  
monitoring including snort reporting/alerting.

Is there a better place to ask such questions?

Many thanks.

Greg




More information about the Snort-users mailing list