[Snort-users] How to handle multiple snort sensors

Doug Burks doug.burks at ...11827...
Fri Aug 1 11:07:22 EDT 2014

Hi Robert,

Have you considered salt?

We use it in the Security Onion distro and it really helps when
managing multiple sensors as you describe.

On Fri, Aug 1, 2014 at 10:53 AM, Robert Millott
<robm at ...16885...> wrote:
> All
>    I am setting up about 35 snort sensors across our network, all feeding
> back into a SEIM (arcsight).  I was curious, how does anyone else out there
> handle multiple sensors?  I am looking for a way to quickly (and centrally)
> view snort.conf, threshold.conf, bpf filters, rules enabled or disabled etc
> without having to ssh into each individual host.  I know pulled pork will
> handle pulling rules, but I am looking around to see if any one has a means
> of managing many sensors.
> Thanx
> --
> Robert Millott
> President, Millott and Associates
> (443) 255-3588
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and
> search up to 200,000 lines of code with a free copy of Black Duck
> Code Sight - the same software that powers the world's largest code
> search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!

Doug Burks
Need Security Onion Training or Commercial Support?

More information about the Snort-users mailing list