[Snort-users] Sensor Location
uxbod at ...14273...
Mon Mar 25 07:52:22 EDT 2013
am wishing to learn about the use of Snort and have begun to set up a test environment. What I am unsure of is the best place to locate the sensor. The set up I have is:
Internet -> Physical Host (running KVM with Bridge0) -> KVM Guest acting as Firewall with three interfaces -> eth0 (Public IP)
-> eth1 (DMZ 192.168.1.0/24)
-> eth2 (Internal LAN 192.168.2.0/24)
Would I be best installing Snort on the physical host and have it monitoring the bridged interface or on the virtual firewall and have it monitoring eth0 ?
Any help would be gratefully appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users