On Nov 14, 2006, at 5:31 PM, Landon Stewart | Superb Internet Corp. wrote: We provide shared hosting, colocation services and server rental. We need to enforce our AUP more proactively and detect malicious outgoing traffic before we get complaints about it.
We are mirroring outgoing traffic for 3 quite large VLANS to a machine with a GigE interface. The machine is running snort. I have not even come close to figuring out which rules we want to load yet.
What I want to do to be able to generate a report on a regular basis looking for all of our IP addresses that were the source of a triggered event and report those events to the customer responsible for that server.
While BASE provides a good way of viewing whats in the snort database it does not do what I need. I'm having a lot of trouble finding information on reporting because the snort database, while optimized for speed, appears to be quite complex.
Hi-
The BASE project team can try to help you. Either contact me off list or we can move this to the BASE lists.
Kevin
Kevin Johnson GCIA, GCIH, CISSP, CEH Principal Consultant Secure Ideas
|
PGP.sig
Description: This is a digitally signed message part
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
|