Snort mailing list archives

Re: Sending mail


From: "Michael J. McCasland" <mjm () eitsystems com>
Date: Sun, 12 Jan 2003 09:49:31 -0500

I have seen a variety of questions regarding notification of events. I thought I would share our strategy.

We currently have a total of 20 sensors in 5 organizations running with this config: Snort built --with-snmp, --with-postgresql, running on one or many Linux servers with multiple NICs. Each NIC represents one sensor and has its own snort.conf file (allowing for tailored configuration of rules for each segment and unique sensor identification).
We alert centrally to a Postgres DB server
We alert via snmp to our NMS server (OpenNMS)
We use ACID for data analysis, and IDS policy manager for rule management.
The NMS server receives the SNMP traps and performs mail, pager, and internal event notifications based on the receipt of the trap and its own escalation/notification rules. We are currently building a security response/ticketing system to help manage the events and their corresponding responses that organizations' policies require.

This config seems to work well for us. Thought I would share.

-mike mccasland
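The per-NIC layout described in the mail (one Snort process per interface, each with its own snort.conf and its own sensor identity, all alerting to one central PostgreSQL server) can be scripted as below. This is an added example, not code from the mail or from the Snort project; the paths under /etc/snort and /var/log/snort, the database host db.example.internal, the database user, and the interface/sensor-name pairs are all assumptions. The SNMP trap side of the setup is not shown, since the mail gives no details of it.

```shell
#!/bin/sh
# Added example (not from the original mail or the Snort project).
# One Snort process per NIC, each with its own snort.conf and sensor_name,
# all writing alerts to one central PostgreSQL server.
# Assumed layout: /etc/snort/<iface>/snort.conf and /var/log/snort/<iface>.
# Assumed names: database host db.example.internal, database user "snort".

SNORT_BIN=/usr/sbin/snort        # assumed install path
CONF_ROOT=/etc/snort             # assumed per-interface config root
LOG_ROOT=/var/log/snort          # assumed per-interface log root
DB_HOST=db.example.internal      # assumed central alert database

# Emit the output section for one sensor. sensor_name tags every row from
# this NIC so the central console (ACID in the mail) can tell segments apart.
sensor_output_conf() {
    iface=$1
    sensor=$2
    cat <<EOF
# --- generated for $iface (sensor "$sensor") ---
output database: alert, postgresql, user=snort dbname=snort host=$DB_HOST sensor_name=$sensor
EOF
}

# Build the command line that starts one daemonized sensor on one interface:
# -D daemonize, -i interface, -c per-NIC config, -l per-NIC log directory.
snort_cmd() {
    iface=$1
    printf '%s -D -i %s -c %s/%s/snort.conf -l %s/%s\n' \
        "$SNORT_BIN" "$iface" "$CONF_ROOT" "$iface" "$LOG_ROOT" "$iface"
}

# Start every sensor given as "iface:sensor_name" pairs, for example:
#   start_sensors "eth1:dmz-web" "eth2:internal-lan"
# With DRY_RUN=1 the command lines are printed instead of executed.
start_sensors() {
    for pair in "$@"; do
        iface=${pair%%:*}
        sensor=${pair#*:}
        mkdir -p "$LOG_ROOT/$iface" "$CONF_ROOT/$iface"
        # Append the database output section only if this NIC's config lacks one.
        grep -q 'output database:' "$CONF_ROOT/$iface/snort.conf" 2>/dev/null \
            || sensor_output_conf "$iface" "$sensor" >> "$CONF_ROOT/$iface/snort.conf"
        if [ "${DRY_RUN:-0}" = 1 ]; then
            snort_cmd "$iface"
        else
            sh -c "$(snort_cmd "$iface")"
        fi
    done
}
```

Each interface gets its own rule set and its own sensor_name, so a rule tuned for the DMZ segment never fires on the internal segment, and every alert row in the central database carries the NIC it came from.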

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users