Snort mailing list archives
RE: Snort Install Doc
From: "Stefan Dens" <sdens () ovam be>
Date: Wed, 27 Jun 2001 13:03:15 +0200
Hi,

I'm using the same sort of configuration for snort to retrieve raw dump files from the sensor. (I'm using a modified shadow script for that.)

There is one thing that I think would make it safer against data loss: you let the sensor itself delete the hourly dump files. But what happens if the console didn't get the dump file first? (Maybe the console is down!) I would suggest that the console itself removes the dump files from the sensor after it checks that the file exists on the console. (In the shadow scripts that works very well; they use one script to retrieve the data and analyze it, and another script to remove the data from the sensors using a timed crontab.)

A last suggestion: maybe you can add a line to the scripts for the sensors and the console to synchronize time with a time server.

regards,
Stefan Dens

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On behalf of Jason Lewis
Sent: Tuesday, June 26, 2001 7:49
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort Install Doc

Ok, I have been working on this install doc and figured it was time for someone else to check it out. This is version 0.5 and I still have work to do, so keep that in mind. Parts of the design are broken, you have been warned.

http://www.packetnexus.com/docs/packetnexus/Snorting_the_Enterprise.pdf

Feedback and suggestions are welcome.

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
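The console-side "retrieve first, delete later" split suggested in the message above, as an added example (not code from the post, the shadow scripts or the install doc). It goes one step beyond "the file exists on the console" by comparing SHA-256 hashes, so a truncated copy never triggers a delete. The directory arguments, the `.dump` suffix and the function names are assumptions; local directories stand in for the sensor and the console, where a real deployment would run the sensor-side steps over ssh/scp.

```shell
#!/bin/sh
# Added example: two console-side jobs meant for separate crontab entries.
# Assumption: only completed hourly files carry the .dump suffix.

# Hex SHA-256 digest of one file.
sha() { sha256sum "$1" | cut -d' ' -f1; }

# fetch_dumps SENSOR_DIR CONSOLE_DIR
# Copy every dump that is missing on the console or differs from the sensor copy.
fetch_dumps() {
    local sensor="$1" console="$2" f name
    for f in "$sensor"/*.dump; do
        [ -e "$f" ] || continue          # glob matched nothing
        name=$(basename "$f")
        if [ ! -e "$console/$name" ] || [ "$(sha "$f")" != "$(sha "$console/$name")" ]; then
            # Copy under a temporary name, then rename, so an interrupted
            # transfer is never mistaken for a complete dump.
            cp "$f" "$console/.$name.part" && mv "$console/.$name.part" "$console/$name"
        fi
    done
}

# purge_verified SENSOR_DIR CONSOLE_DIR
# Delete a dump from the sensor only if the console holds an identical copy.
# Prints the number of files removed; kept files are reported on stderr.
purge_verified() {
    local sensor="$1" console="$2" f name removed=0
    for f in "$sensor"/*.dump; do
        [ -e "$f" ] || continue
        name=$(basename "$f")
        if [ -s "$console/$name" ] && [ "$(sha "$f")" = "$(sha "$console/$name")" ]; then
            rm -f -- "$f" && removed=$((removed + 1))
        else
            echo "keeping $name on sensor: no verified console copy" >&2
        fi
    done
    echo "$removed"
}

# Typical use, with constructed paths:
#   fetch_dumps   /mnt/sensor1/spool /var/snort/archive
#   purge_verified /mnt/sensor1/spool /var/snort/archive
```

If the console is down, neither job runs and the sensor simply keeps accumulating dumps until the next successful fetch and purge.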
Current thread:
- Re: Tcpdump, alerts and portscans, (continued)
- Re: Tcpdump, alerts and portscans Phil Wood (Jun 25)
- RE: Tcpdump, alerts and portscans Jason Lewis (Jun 25)
- Re: Tcpdump, alerts and portscans Erik Fichtner (Jun 25)
- RE: Tcpdump, alerts and portscans Jason Lewis (Jun 25)
- Re: Tcpdump, alerts and portscans Erik Fichtner (Jun 25)
- RE: Tcpdump, alerts and portscans Jason Lewis (Jun 25)
- Re: Tcpdump, alerts and portscans Martin Roesch (Jun 25)
- Re: Tcpdump, alerts and portscans Phil Wood (Jun 25)
- Re: Tcpdump, alerts and portscans Phil Wood (Jun 25)
- RE: Tcpdump, alerts and portscans Jason Lewis (Jun 25)
- Snort Install Doc Jason Lewis (Jun 25)
- RE: Snort Install Doc Stefan Dens (Jun 27)
- RE: Snort Install Doc Jason Lewis (Jun 27)