Snort mailing list archives

RE: Quick poll: favorite snort config?

From: "Petriz, Pablo" <ppetriz () siscat com ar>
Date: Fri, 10 Jan 2003 11:06:19 -0300

Simple: Snort + Snortsnarf + swatch
I'm snorting the link between my private network and an external wan network
(private too, but not mine)
It's a low traffic link so i don't need big things. The layout is something
like this:

External net ---- Firewall --------- switch ---- Internal net
                     |                  |
                     |                  |
                    hub -- (1)snort(2)--´
                     |
                     |
                  DMZ net

Snort box has 2 nics: (1)listening, ip-less, stealth; and (2)internal net
ip-range for monitoring.
I use swatch to alert me via e-mail and snortsnarf to watch the logs with a
browser.
I know it's not the best for all, but it's more than enough for my
environment.
And besides... ther's not a "best for all" solution, there's a best for you.
Hope that helps!!!


PABLO

Date: Thu, 9 Jan 2003 13:13:17 -0800
From: Benjamin Feen <benjy () feen com>
To: snort-users () lists sourceforge net
Reply-To: Benjy Feen <benjy () feen com>
Subject: [Snort-users] Quick poll: favorite snort config?

Hiya,

I'm getting ready to deploy a snort-based IDS, and I'm evaluating 
various optional components to see if I want to use them.  Anyone want
to share a quick summary of how their system's configured? 
I'd be happy
just to see something like:

Snort 1.9 logging to barnyard with mysql and ACID 

Anything you'd like to contribute  would be great!

Benjamin

--
Benjamin Feen
benjamin(AT)feen.com
http://www.monkeybagel.com



-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Quick poll: favorite snort config? Benjamin Feen (Jan 09)
- Re: Quick poll: favorite snort config? Shane Hickey (Jan 14)
- <Possible follow-ups>
- RE: Quick poll: favorite snort config? Petriz, Pablo (Jan 10)
- RE: Quick poll: favorite snort config? Petriz, Pablo (Jan 15)