Setting up NIDS
- From: Keme <KEMEsixtwonullsix@xxxxxxxx>
- Date: Sat, 18 Nov 2006 15:14:33 +0100
I am in the process of setting up a NIDS, consisting of Snort sensors, Barnyard MySQL and BASE, probably on OpenBSD. I have installed/compiled all modules on one computer, to confirm that they will work together (with snortsam and using OpenBSD "pf").
I have some notion, but still am a bit unsure where to install the different modules for sufficient performance for a live network. Searched the web but could not find any guides. I put Snort on the sensors and MySQL on a central server, but where do I put Barnyard and BASE for adequate performance? (On each sensor, the database server or a separate "transport"/webserver computer?)
I could test it myself, but I guess people have done it before and have some experience to share. I have a number of different computers, with varying specs and room for 3-4 NICs. What I'm looking for is a general guide with some info on what load Barnyard and BASE generate on CPU, and the data stream load (log file reading vs. database update).