Re: Issue with sensors

["Shashi.P" <p.shashii () gmail com>]

Thanks for your reply,

Type of switch is Cisco.

Currently 2 network port (eth0 & eth1)

eth0 - Through which i am accessing with SSH
eth1 - All the port in cisco switch are mirrored to eth1 (10.184.75.0) (One
subnet)

Snort installed on Fedora 10. Installed Snort 2.8,4 Base, barnyard2. I am
able to get alert on web console.


Please let us know how can i procced to configuration.



On Wed, Oct 28, 2009 at 7:54 PM, Shenk, Jerry A <jshenk () decommunications com>
wrote:
> Can you give a little more details?
>
> What type of switch?  Cisco switches have one way to monitor a port,
> each switch is completely different in execution but the concepts are
> similar.
>
> Are all 4 networks on the same switch?
>
> How many NICs are in your snort box? - having an individual NIC for each
> network is preferred but I suppose it's not the only option.
>
> If you're just getting started with Snort, I would definitely pick one
> network and monitor that one first...get that working, get an
> understanding how that works and the add the other networks.  Having
> multiple NICs in a single box makes this quite a bit more complicated
> and requires a good understanding of linux (assuming a linux platform)
> because you'll need either sets of config files or variables in the
> config files.
>
> -----Original Message-----
> From: Shashi.P [mailto:p.shashii () gmail com]
> Sent: Wednesday, October 28, 2009 10:03 AM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Issue with sensors
>
> Hi,
>
> What settings need to be done. Port on switch? What he need to enable
> on switch. (ie Sensor).
>
> i need to monitor 4 network PLease let me know what setting needs to
> be done on snort configuration?
>
>
> Regards. Shashi
>
> ------------------------------------------------------------------------
> ------
> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and
> stay
> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> http://p.sf.net/sfu/devconference
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> **DISCLAIMER
> This e-mail message and any files transmitted with it are intended for the
use of the individual or entity to which they are addressed and may contain
information that is privileged, proprietary and confidential. If you are not
the intended recipient, you may not use, copy or disclose to anyone the
message or any information contained in the message. If you have received
this communication in error, please notify the sender and delete this e-mail
message. The contents do not represent the opinion of D&E except to the
extent that it relates to their official business.
>
------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users