[Snort-users] Snort Deployment Configurations

Martin Holste mcholste at ...11827...
Mon Feb 7 13:39:31 EST 2011


> BTW, I tend to prefer SANCP to collect data in a format more conducive
> for analysing "flows at rest".
>

Yes, SANCP is awesome!  I just wish it didn't require a span/tap at
every sniff point.  For branch offices, netflow is usually the only
option.  A netflow converter/plugin for SANCP would be very cool so
that two separate reporting infrastructures weren't required.



