Snort mailing list archives

Proposed Configuration


From: "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG>
Date: Tue, 28 Oct 2003 19:39:06 -0500

I am going through the motions of setting up Snort on a specific subnet to
initially monitor two servers. One is an e-mail server, and the other is a web
server. I have already installed Snort on a computer with MySQL as the database,
and ACID as the console. Here is what I had in mind for the configuration of
Snort.

1. Within the snort.conf file, the $HOME_NET directive would have the IP
addresses of the two servers to be monitored, and nothing else. The idea being,
I would monitor only the two servers in question, and over time eventually add
several other mission-critical servers to be monitored.

2. Run Snort as an NIDS system as opposed to having it run as a HIDS system on
each of the servers. Snort would monitor the traffic going to these servers from
a third system, rather than have the application running locally on each of the
systems.

3. I have already done a test run of the Snort system, and as a result I have
accumulated a considerable amount of data into the database. I would like to
purge the database and start completely from scratch. Could I drop the existing
database, and subsequently recreate it using the appropriate script in the Snort
source directory?


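The configuration and the database reset described in points 1 and 3 above, as an added worked example for this archive page (it is not the poster's code and not something shipped by the Snort project). It assumes Snort 2.x `var` syntax in snort.conf, a MySQL backend, that the table-creation script in the Snort source tree is `contrib/create_mysql` (check the path in your own tarball), and the two server addresses 192.168.1.10 and 192.168.1.20 are made up for the example.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes Snort 2.x "var"
# syntax, a MySQL backend, and that the schema script shipped with the Snort
# source is at contrib/create_mysql (path is an assumption; check your tarball).

# valid_cidr A.B.C.D[/N]: succeed if the entry is a well-formed IPv4 host
# or IPv4 CIDR block, which is what Snort accepts inside HOME_NET.
valid_cidr() {
    addr=${1%/*}
    case "$1" in
        */*) mask=${1#*/} ;;
        *)   mask=32 ;;
    esac
    case "$mask" in ''|*[!0-9]*) return 1 ;; esac
    [ "$mask" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr          # split the dotted quad on '.'
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# home_net_lines HOST...: print the two snort.conf lines that restrict
# HOME_NET to exactly the listed hosts. Snort 2.x wants a bracketed,
# comma-separated list with no spaces; bare addresses get an explicit /32.
home_net_lines() {
    list=''
    for h in "$@"; do
        valid_cidr "$h" || { echo "bad HOME_NET entry: $h" >&2; return 1; }
        case "$h" in */*) entry=$h ;; *) entry=$h/32 ;; esac
        list="${list:+$list,}$entry"
    done
    printf 'var HOME_NET [%s]\nvar EXTERNAL_NET !$HOME_NET\n' "$list"
}

# run CMD...: execute, or with DRY_RUN=1 only echo, so the destructive
# part below can be rehearsed before it touches the real database.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# reset_snort_db DB USER SCHEMA: drop the Snort database, recreate it
# empty, and load the Snort table schema. Stop Snort (and anything else
# writing to the database) before running this; MySQL prompts for the
# password because of -p.
reset_snort_db() {
    db=$1; user=$2; schema=$3
    [ -r "$schema" ] || [ "${DRY_RUN:-0}" = 1 ] || {
        echo "schema script not found: $schema" >&2; return 1; }
    run mysql -u "$user" -p -e "DROP DATABASE IF EXISTS $db; CREATE DATABASE $db;"
    run sh -c "mysql -u '$user' -p '$db' < '$schema'"
}

# Example use with two constructed server addresses (not real hosts):
#   home_net_lines 192.168.1.10 192.168.1.20 >> /etc/snort/snort.conf
#   DRY_RUN=1 reset_snort_db snort snort /usr/src/snort-2.x/contrib/create_mysql
```

Two caveats worth knowing before doing this for real. First, the stock Snort 2.x snort.conf also defines HTTP_SERVERS and SMTP_SERVERS as $HOME_NET, so with HOME_NET narrowed to the two hosts the web and mail rules still cover exactly those servers; if the sensor sees the whole subnet, a BPF filter such as `host 192.168.1.10 or host 192.168.1.20` on the command line keeps it from decoding traffic that no rule will match anyway. Second, the Snort `create_mysql` script creates only Snort's own tables; ACID keeps its `acid_*` tables in the same database and creates them through its setup page (or its own `create_acid_tbls_mysql.sql`), so after dropping the database that step has to be repeated before the console works again. The MySQL grants for the snort user survive a DROP DATABASE, so they do not need to be re-issued.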