[Snort-users] Rebuilding the wheel

Mike Miller mike at ...16027...
Mon Jan 7 11:22:23 EST 2013


(Sorry it took so long to get back to you; I found this buried in my Drafts folder.)

I like Security Onion, a lot, but it's kinda geared to less traffic than I'm expecting. Figure two Perimeter 10 gig feeds, and a couple hundred internal firewall interfaces that need monitoring. It's a Statewide consolidated network. 


> Yes, Security Onion does full packet capture by default.  You can
> disable it if you wish, but it provides tremendous forensic
> capability.
> 

I agree wholeheartedly...except where the pipe is running at Gig speeds and the firewall is averaging 150 MBps. I shudder to think what the hardware requirements would be at our ASA 5580s. 


>> What I'm looking for is automation to roll out and manage a box that does IDS stuff and receives syslog feeds to give visibility...from 22+ locations.
> 
> Security Onion can receive syslog feeds and store them in ELSA, a
> central web interface similar to Splunk, but free.

I will look into this. 

> If you have further questions about Security Onion, please feel free
> to use our mailing lists:
> http://code.google.com/p/security-onion/wiki/MailingLists
> 
> Hope that helps!
> 
> Thanks,
> --
> Doug Burks
> http://securityonion.blogspot.com
