Snort mailing list archives
Proposed Configuration
From: "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG>
Date: Tue, 28 Oct 2003 19:39:06 -0500
I am going through the motions of setting up Snort on a specific subnet to initially monitor two servers. One is an e-mail server, and the other is a web server. I have already installed Snort on a computer with MySQL as the database, and ACID as the console. Here is what I had in mind for the configuration of Snort.

1. Within the snort.conf file, the $HOME_NET directive would have the IP addresses of the two servers to be monitored, and nothing else. The idea being, I would monitor only the two servers in question, and over time eventually add several other mission-critical servers to be monitored.

2. Run Snort as an NIDS system as opposed to having it run as a HIDS system on each of the servers. Snort would monitor the traffic going to these servers from a third system, rather than have the application running locally on each of the systems.

3. I have already done a test run of the Snort system, and as a result I have accumulated a considerable amount of data into the database. I would like to purge the database and start completely from scratch. Could I drop the existing database, and subsequently recreate it using the appropriate script in the Snort source directory?