Snort mailing list archives
distributed snort
From: meling <meling () scan-associates net>
Date: Wed, 3 Oct 2001 11:17:34 +0800
Hi,

I'm developing a distributed intrusion detection architecture using Snort on the IDS sensors. We're targeting to deploy > 50 sensors on multiple networks. These sensors will push the alert logs to 1 central console, where data crunching and analysis will take place.

My questions are:

1. How feasible is it to send alert logs from 50 sensors to 1 central console? The central console will have several different components in itself, such as data parsing, etc.

2. What is the most efficient way to make sure that Snort is running 24x7 on the sensors? Is tcpserver any good?

3. What are the best data consolidation techniques available? My concern is that when too much data is displayed from various sensors on the monitoring console, the security analyst will tend to ignore it.

Your input is very much appreciated.

--mel
http://ini2.net/mel
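One consolidation technique the third question is asking about is to aggregate the raw sensor alerts before they reach the analyst: collapse repeated alerts with the same signature, source and destination into one summary row per time window, record how many sensors saw it, and sort by Snort priority. The script below is an added illustration written for this thread, not code from the original post or from the Snort project. It parses Snort's `alert_fast` line format; the sensor names, SIDs, messages and addresses in `SAMPLE` are constructed, and the one-minute window is an assumed tuning value.

```python
import re
from datetime import datetime

# Snort "fast" alert output, one alert per line:
#   MM/DD-HH:MM:SS.ffffff  [**] [gid:sid:rev] msg [**] [Classification: ...]
#   [Priority: n] {PROTO} src:sport -> dst:dport
# The Classification field is optional in this format, so it is optional here.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)

# Constructed sample: (sensor name, alert line) pairs as 3 sensors might push
# them to the console. SIDs 1000001/1000002 and the messages are made up;
# the addresses are from the RFC 5737 documentation ranges.
SAMPLE = [
    ("sensor-a", "10/03-11:17:34.000001  [**] [1:1000001:1] TEST scan probe [**] [Classification: Attempted Recon] [Priority: 2] {TCP} 192.0.2.10:40001 -> 198.51.100.5:22"),
    ("sensor-b", "10/03-11:17:35.000002  [**] [1:1000001:1] TEST scan probe [**] [Classification: Attempted Recon] [Priority: 2] {TCP} 192.0.2.10:40002 -> 198.51.100.5:22"),
    ("sensor-a", "10/03-11:17:40.000003  [**] [1:1000001:1] TEST scan probe [**] [Classification: Attempted Recon] [Priority: 2] {TCP} 192.0.2.10:40003 -> 198.51.100.5:22"),
    ("sensor-b", "10/03-11:17:41.000004  [**] [1:1000001:1] TEST scan probe [**] [Classification: Attempted Recon] [Priority: 2] {TCP} 192.0.2.10:40004 -> 198.51.100.5:22"),
    ("sensor-c", "10/03-11:18:00.000006  [**] [1:1000002:1] TEST exploit attempt [**] [Priority: 1] {TCP} 203.0.113.7:51000 -> 198.51.100.9:445"),
    ("sensor-a", "10/03-11:20:01.000005  [**] [1:1000001:1] TEST scan probe [**] [Classification: Attempted Recon] [Priority: 2] {TCP} 192.0.2.10:40005 -> 198.51.100.5:22"),
    ("sensor-b", "this line is not a Snort alert and must be skipped"),
]


def parse_alert(line, year=2001):
    """Return a dict for one alert_fast line, or None if it does not parse.
    The fast format carries no year, so the caller supplies it."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return {
        "ts": ts, "sid": int(m["sid"]), "msg": m["msg"], "prio": int(m["prio"]),
        "proto": m["proto"], "src": m["src"], "dst": m["dst"], "dport": m["dport"],
    }


def consolidate(events, window_seconds=60):
    """Collapse alerts sharing (sid, src, dst) that fall within window_seconds
    of the group's first alert into one summary row. Rows are ordered by Snort
    priority (1 is most severe) and then by descending count, so the analyst
    sees the few rows that matter instead of one line per packet."""
    parsed = []
    for sensor, line in events:
        alert = parse_alert(line)
        if alert is None:
            continue  # malformed or non-alert line: drop, do not crash the console
        alert["sensor"] = sensor
        parsed.append(alert)
    parsed.sort(key=lambda a: a["ts"])  # sensors' clocks may deliver out of order

    groups = {}      # (sid, src, dst) -> currently open summary row
    summaries = []
    for a in parsed:
        key = (a["sid"], a["src"], a["dst"])
        g = groups.get(key)
        if g is None or (a["ts"] - g["first"]).total_seconds() > window_seconds:
            g = {"sid": a["sid"], "msg": a["msg"], "prio": a["prio"], "src": a["src"],
                 "dst": a["dst"], "first": a["ts"], "last": a["ts"],
                 "count": 0, "sensors": set()}
            groups[key] = g
            summaries.append(g)
        g["count"] += 1
        g["last"] = a["ts"]
        g["sensors"].add(a["sensor"])

    summaries.sort(key=lambda g: (g["prio"], -g["count"]))
    return summaries


def format_summary(g):
    """One console line per consolidated group."""
    return (f"P{g['prio']} sid={g['sid']} x{g['count']} {g['src']} -> {g['dst']} "
            f"[{g['first']:%H:%M:%S}..{g['last']:%H:%M:%S}] "
            f"sensors={','.join(sorted(g['sensors']))} {g['msg']}")


if __name__ == "__main__":
    for row in consolidate(SAMPLE):
        print(format_summary(row))
```

Run as-is, the seven sample lines become three console rows: the single priority-1 alert from sensor-c on top, then the four identical probes seen by two sensors within the window as one row with `x4`, then the later probe that fell outside the window as a fresh row. The window key and length are the knobs to tune; a per-destination-port key or a longer window trades detail for fewer rows.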
Current thread:
- distributed snort meling (Oct 02)
- Re: distributed snort Michael Boman (Oct 03)
- Re: distributed snort Erek Adams (Oct 03)
- Re: distributed snort Tim Hughes (Oct 09)
- Re: distributed snort Andreas Hasenack (Oct 09)
- <Possible follow-ups>
- RE: distributed snort Fraser Hugh (Oct 03)