[Snort-users] snort setup
jtang at spieker.com
Wed Feb 21 18:27:30 EST 2018
What I can temporarily do is span all ports on my core switch to this snort port device. How does Snort work with distribution/edge switches?
From: Joel Esler (jesler) [jesler at cisco.com]
Sent: Wednesday, February 21, 2018 2:48 PM
To: Joe Tang
Cc: snort-users at lists.snort.org
Subject: Re: [Snort-users] snort setup
You could use a Tap.
Joel Esler | Talos: Manager | jesler at cisco.com<redir.aspx?REF=-5-pL-z23WZvuJcbCc9Un7TGtZuWiPRJ1fo8CoYdiYeMoWl4gnnVCAFtYWlsdG86amVzbGVyQGNpc2NvLmNvbQ..>
On Feb 21, 2018, at 12:54 PM, Joe Tang <jtang at spieker.com<redir.aspx?REF=32AUjMZRlST5Pw9GFCX5eiTakvzm4yl6eBkvsbmvVJ6MoWl4gnnVCAFtYWlsdG86anRhbmdAc3BpZWtlci5jb20.>> wrote:
I have Palo Alto firewall, it has own version of IDS/IPS. I want to run against Snort as IDS only for now. What is the best way to accomplish this without spanning the ports. I am afraid spanning the port will drops packets and overload the port. Please let me know.
Snort-users mailing list
Snort-users at lists.snort.org<redir.aspx?REF=ztD-NJeSBvAnPIXMa4u-2ImoHSLo01BORWMSsNkxyPeMoWl4gnnVCAFtYWlsdG86U25vcnQtdXNlcnNAbGlzdHMuc25vcnQub3Jn>
Go to this URL to change user options or unsubscribe:
Please visit http://blog.snort.org<redir.aspx?REF=lkiB4h4ZQSaSMVirGT-92NMjGcG2ifCmjt6YuSnIjiOMoWl4gnnVCAFodHRwOi8vYmxvZy5zbm9ydC5vcmcv> to stay current on all the latest Snort news!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette<redir.aspx?REF=CWWCk7eYUNgxjfqzrEvko7mJT7DZbxzyo3OrtoSjSLOMoWl4gnnVCAFodHRwczovL3Nub3J0Lm9yZy9mYXEvd2hhdC1pcy10aGUtbWFpbGluZy1saXN0LWV0aXF1ZXR0ZQ..>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users