Re: Best Enterprise Snort Configuration

[Saad Kadhi <saad () docisland org>]

On Wed, Feb 12, 2003 at 07:38:57AM -0800, tfandango wrote:
> So what snort-related tools do you guys like the best?
>  I will probably try to use mySQL to start off with
> and log to a central database somewhere.  But what
> tools are available to remotely manage the snort
> application, display the all sensor alerts in near
> realtime on some central console (I assume this will
> be something that polls the database), etc, etc.
again, if you check the archives you'll find truckloads of  answers  but
here is my go at your questions (that is, what  I  like  to  use  on  my
environment so YMMV):

  - database: mysql
  - alert management (not "real time"): acid [1]
  - sensor configuration management: snortcenter [2]
  - extra pieces: snort doesn't log directly to db. I use  barnyard  [3]
    instead. and stunnel [4]  to  ssl-tunnel  data  between  sensor  and
    central db

that been said, I never tried ~60 sensors logging to a central db at the
same time.

cheers.
--
[1] http://www.cert.org/kb/acid/
[2] http://users.pandora.be/larc/
[3] http://www.snort.org/dl/barnyard/
[4] http://www.stunnel.org/
-- 
Saad Kadhi -- [saad () docisland org] [saad.kadhi () hapsis fr]
[pgp keyid: 35592A6D http://pgp.mit.edu]
[pgp fingerprint: BF7D D73E 1FCF 4B4F AF63  65EB 34F1 DBBF 3559 2A6D]
---


-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users