[Snort-users] How to handle multiple snort sensors

Doug Burks doug.burks at ...11827...
Fri Aug 1 11:07:22 EDT 2014


Hi Robert,

Have you considered salt?
http://www.saltstack.com/

We use it in the Security Onion distro and it really helps when
managing multiple sensors as you describe.

On Fri, Aug 1, 2014 at 10:53 AM, Robert Millott
<robm at ...16885...> wrote:
> All
>    I am setting up about 35 snort sensors across our network, all feeding
> back into a SIEM (ArcSight).  I was curious, how does anyone else out there
> handle multiple sensors?  I am looking for a way to quickly (and centrally)
> view snort.conf, threshold.conf, bpf filters, rules enabled or disabled etc
> without having to ssh into each individual host.  I know PulledPork will
> handle pulling rules, but I am looking around to see if anyone has a means
> of managing many sensors.
>
> Thanx
>
> --
> Robert Millott
> President, Millott and Associates
> (443) 255-3588
>



-- 
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com



