[Snort-users] VPN Users

Stephen Mullins steve.mullins.work at ...11827...
Fri May 14 10:31:09 EDT 2010


Typically this is what you use a SIM tool for.  That way you can check
what user was assigned what translated VPN IP address at the time that
traffic involving that IP triggered the IDS alert by looking for
Windows/VPN logs around the time of the alert.

Steve

On Fri, May 14, 2010 at 9:37 AM, Bill Pickens <wmpickens at ...11827...> wrote:
> Hello Everyone
>
> We have a large VPN user base.
> IP addresses are changing constantly.
>
> Is there a way to capture the hostname in the event detail at the time of
> the event.
>
> Thanks
> Will
> ------------------------------------------------------------------------------
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>




More information about the Snort-users mailing list