Snort mailing list archives
what's the best setup?
From: c white <cwhite () theatomicmoose ca>
Date: Mon, 17 Jun 2002 10:42:45 -0400
What is the best setup for this network?I work for a large educational institution, all of our servers are on a switch, and I am not permitted, by policy, to place a sniffer between the switch and our router, all of the servers are on the same subnet, a mix of Unix, LINUX, winNT and win2k.
I was thinking about installing a "master" snort box, which would sniff on its own port and use mysql to store the data, and acid to present it through a web interface, and then install snort "sensors" on the other servers and report the data to the "master" server, the only problem with this is that some of the win servers are smp and winpcap doesn't like smp, is there another way to sniff out these servers without installing a "sensor" locally (did i miss something in the manual) or am I just S-O-L.
Suggestions, comments and ideas will be greatly appreciated? _______________________________________________________________ Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- what's the best setup? c white (Jun 17)
- <Possible follow-ups>
- RE: what's the best setup? Chris Eidem (Jun 17)