Snort mailing list archives

Re: Rebuilding the wheel


From: Mike Miller <mike () millertwinracing com>
Date: Mon, 7 Jan 2013 09:22:23 -0700

(Sorry it took so long to get back to you, I found this buried in my Drafts folder)

I like Security Onion, a lot, but it's kinda geared to less traffic than I'm expecting. Figure two perimeter 10 gig
feeds, and a couple hundred internal firewall interfaces that need monitoring. It's a statewide consolidated network.


Yes, Security Onion does full packet capture by default.  You can
disable it if you wish, but it provides tremendous forensic
capability.


I agree wholeheartedly...except where the pipe is running at gig speeds and the firewall is averaging 150 MBps. I
shudder to think what the hardware requirements would be at our ASA 5580s.


What I'm looking for is automation to roll out and manage a box that does IDS stuff and receives syslog feeds to 
give visibility...from 22+ locations.

Security Onion can receive syslog feeds and store them in ELSA, a
central web interface similar to Splunk, but free.

I will look into this. 

If you have further questions about Security Onion, please feel free
to use our mailing lists:
http://code.google.com/p/security-onion/wiki/MailingLists



Hope that helps!

Thanks,
--
Doug Burks
http://securityonion.blogspot.com


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
