[Snort-users] snort setup

Joe Tang jtang at spieker.com
Wed Feb 21 18:27:30 EST 2018

What I can temporarily do is span all ports on my core switch to this snort port device. How does Snort work with distribution/edge switches?
From: Joel Esler (jesler) [jesler at cisco.com]
Sent: Wednesday, February 21, 2018 2:48 PM
To: Joe Tang
Cc: snort-users at lists.snort.org
Subject: Re: [Snort-users] snort setup

You could use a Tap.

Joel Esler | Talos: Manager | jesler at cisco.com<redir.aspx?REF=-5-pL-z23WZvuJcbCc9Un7TGtZuWiPRJ1fo8CoYdiYeMoWl4gnnVCAFtYWlsdG86amVzbGVyQGNpc2NvLmNvbQ..>

On Feb 21, 2018, at 12:54 PM, Joe Tang <jtang at spieker.com<redir.aspx?REF=32AUjMZRlST5Pw9GFCX5eiTakvzm4yl6eBkvsbmvVJ6MoWl4gnnVCAFtYWlsdG86anRhbmdAc3BpZWtlci5jb20.>> wrote:

I have Palo Alto firewall, it has own version of IDS/IPS. I want to run against Snort as IDS only for now. What is the best way to accomplish this without spanning the ports. I am afraid spanning the port will drops packets and overload the port. Please let me know.
Snort-users mailing list
Snort-users at lists.snort.org<redir.aspx?REF=ztD-NJeSBvAnPIXMa4u-2ImoHSLo01BORWMSsNkxyPeMoWl4gnnVCAFtYWlsdG86U25vcnQtdXNlcnNAbGlzdHMuc25vcnQub3Jn>
Go to this URL to change user options or unsubscribe:

Please visit http://blog.snort.org<redir.aspx?REF=lkiB4h4ZQSaSMVirGT-92NMjGcG2ifCmjt6YuSnIjiOMoWl4gnnVCAFodHRwOi8vYmxvZy5zbm9ydC5vcmcv> to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette<redir.aspx?REF=CWWCk7eYUNgxjfqzrEvko7mJT7DZbxzyo3OrtoSjSLOMoWl4gnnVCAFodHRwczovL3Nub3J0Lm9yZy9mYXEvd2hhdC1pcy10aGUtbWFpbGluZy1saXN0LWV0aXF1ZXR0ZQ..>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180221/18897fbf/attachment.html>

More information about the Snort-users mailing list