[Snort-users] Rebuilding the wheel
mike at ...16027...
Mon Jan 7 11:22:23 EST 2013
(Sorry it took so long to get back to you, I found this buried in my Drafts folder)
I like Security Onion, a lot, but it's kinda geared to less traffic than I'm expecting. Figure two Perimeter 10 gig feeds, and a couple hundred internal firewall interfaces that need monitoring. It's a Statewide consolidated network.
> Yes, Security Onion does full packet capture by default. You can
> disable it if you wish, but it provides tremendous forensic
I agree wholeheartedly...except where the pipe is running at Gig speeds and the firewall is averaging 150 MBps. I shudder to think what the hardware requirements would be at our ASA 5580s.
>> What I'm looking for is automation to roll out and manage a box that does IDS stuff and receives syslog feeds to give visibility...from 22+ locations.
> Security Onion can receive syslog feeds and store them in ELSA, a
> central web interface similar to Splunk, but free.
I will look into this.
> If you have further questions about Security Onion, please feel free
> to use our mailing lists:
> Hope that helps!
> Doug Burks