
Re: Snort / acidlab and mysql



I think it is most secure to use an external box to archive IDS data and
reports. Firewall boxes normally generate many megabytes of logs
and are very critical parts of the network, so I think that is the best way to
avoid crashes and possible security issues.
It's possible to create a VLAN for this service if you have a switch with this
feature, or to create another network segment for services like this.
All these questions are very personal and depend on your network traffic,
because if you write some scripts to manage the databases and logs/reports you
can keep everything working fine on the same box (mysql, acid, snort and netfilter).

Bye,

M. Genaro

On Mon, 3 Nov 2003, Craig wrote:

> Hi guys
>
> Is it preferable to have snort and acidlab running on a firewall
> machine masquerading a network and logging to an internal server running
> apache-ssl and mysql? I would like to set up some sort of IDS but also
> have more info on traffic in the internal network?
>
> Thanks
>
> ..Craig


