Snort mailing list archives
RE: Snort Install Doc
From: "Jason Lewis" <jlewis () jasonlewis net>
Date: Wed, 27 Jun 2001 10:17:45 -0400
Yep, I have plans to notify if the data pull fails. It would be easy enough to move the data file removal to the console, I will have to think about that one. I do have plans for time sync. It will probably happen from sensor to console and then console to time server.

Thanks for the feedback.

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary.

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Stefan Dens
Sent: Wednesday, June 27, 2001 7:03 AM
To: jlewis () jasonlewis net; snort user list
Subject: RE: [Snort-users] Snort Install Doc

Hi,

I'm using the same sort of configuration for snort to retrieve raw dump files from the sensor. (I'm using a modified shadow script for that.)

There is one thing that I think would make it safer against data loss: you let the sensor itself delete the hourly dump files. But what happens if the Console didn't get the dump file first? (Maybe the console is down!) I would suggest that the console itself removes the dump files from the sensor after it checks if the file exists on the console. (In the shadow scripts that works very well, they use one script to retrieve the data and analyze it and another script to remove the data from the sensors using a timed crontab.)

A last suggestion, maybe you can add in the scripts for the sensors and the console a line to synchronize time with a time server.

regards,
Stefan Dens

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jason Lewis
Sent: Tuesday, June 26, 2001 7:49
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort Install Doc

Ok, I have been working on this install doc and figured it was time for someone else to check it out.
This is version 0.5 and I still have work to do, so keep that in mind. Parts of the design are broken, you have been warned.

http://www.packetnexus.com/docs/packetnexus/Snorting_the_Enterprise.pdf

Feedback and suggestions are welcome.

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
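The console-side removal suggested in the thread above (delete a dump file on the sensor only after the console is confirmed to hold it), as an added example that is not part of the original messages or of the install doc. It goes beyond an existence check by comparing SHA-256 digests; the function names, the `.dump` suffix and the use of local directories in place of the ssh/scp transport are assumptions.

```shell
#!/bin/sh
# Console-side retrieval: copy, verify, and only then delete on the sensor.
# SENSOR_DIR and CONSOLE_DIR are local directories standing in for the two
# hosts (assumption); a real deployment would run the copy, digest and delete
# steps over ssh/scp from the console's crontab.

# Print the SHA-256 digest of a file, or nothing if it cannot be read.
sha() { sha256sum "$1" 2>/dev/null | cut -d' ' -f1; }

# pull_and_prune SENSOR_DIR CONSOLE_DIR
# Returns 0 if every dump file was verified and pruned, 1 if any was kept.
pull_and_prune() {
    sensor_dir=$1; console_dir=$2; failed=0
    for src in "$sensor_dir"/*.dump; do
        [ -e "$src" ] || continue          # no dump files waiting
        dst="$console_dir/$(basename "$src")"
        # Fetch only what the console lacks; write to a temporary name so an
        # interrupted copy never looks like a finished file.
        if [ ! -e "$dst" ]; then
            { cp -p "$src" "$dst.part" 2>/dev/null && mv "$dst.part" "$dst"; } || :
        fi
        want=$(sha "$src"); have=$(sha "$dst")
        if [ -n "$want" ] && [ "$want" = "$have" ]; then
            rm -f "$src"                   # console copy verified: safe to prune
        else
            # Console down, copy failed, or copy differs: keep the sensor file
            # and report it, so the failed pull can be notified.
            echo "WARN: $src not verified on console, keeping it" >&2
            failed=1
        fi
    done
    return $failed
}
```

A non-zero return is the hook for the "notify if the data pull fails" step mentioned in the reply.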