
Intrusion Detection with Snort by Jack Koziol


Alerting with Distributed Snort

To deploy real-time monitoring in a three-tier Snort setup, you use a different method than with the hybrid. Installing a mailing application (such as sendmail) and swatch on every sensor would waste time and resources, and making even a single change to the swatch and sendmail configurations across multiple sensors is bound to create confusion and possibly mistakes. To solve this problem, you can use syslog-ng and Stunnel to forward alerts securely from the sensors to the Snort server. You could optionally install another server to handle the alert collection and mailing functionality, in which case you would forward alerts to this new server instead.

Syslog-ng is a replacement for the syslog logging ...
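The sensor-to-server forwarding described above, as an added configuration example that is not from the book. It assumes syslog-ng 3.x and Stunnel 5.x syntax, that Snort on each sensor has `output alert_syslog: LOG_LOCAL4 LOG_ALERT` in snort.conf, and placeholder hostnames, ports and certificate paths.

```conf
# ===== sensor: /etc/syslog-ng/syslog-ng.conf (syslog-ng 3.x syntax) =====
# Snort writes alerts to the local syslog on facility local4; pick only
# those up and hand them to the Stunnel client on loopback, so nothing
# leaves the sensor in cleartext.
source s_local { system(); internal(); };
filter f_snort { facility(local4); };
destination d_stunnel { network("127.0.0.1" port(5140) transport("tcp")); };
log { source(s_local); filter(f_snort); destination(d_stunnel); };

; ===== sensor: /etc/stunnel/stunnel.conf =====
; TLS client: wraps the loopback feed and carries it to the Snort server.
; sensor.pem holds this sensor's certificate and key; ca.pem is the CA
; that signed every sensor and server certificate. verify = 2 rejects any
; server whose certificate does not chain to that CA.
client = yes
cert = /etc/stunnel/sensor.pem
CAfile = /etc/stunnel/ca.pem
verify = 2
[snort-alerts]
accept = 127.0.0.1:5140
connect = snort-server.example.com:5140

; ===== server: /etc/stunnel/stunnel.conf =====
; TLS server: with verify = 2 every sensor must present a CA-signed client
; certificate, so an unauthenticated host cannot inject fake alerts.
; Decrypted traffic goes to syslog-ng on loopback only.
cert = /etc/stunnel/server.pem
CAfile = /etc/stunnel/ca.pem
verify = 2
[snort-alerts]
accept = 0.0.0.0:5140
connect = 127.0.0.1:5141

# ===== server: /etc/syslog-ng/syslog-ng.conf =====
# Every connection arrives from 127.0.0.1 (the Stunnel endpoint), so
# keep-hostname(yes) takes the sensor name from the syslog header instead
# of the peer address. Block 5141 from anything but loopback in the host
# firewall. Alerts go to one file per sensor plus a combined file that
# swatch and sendmail, installed once on this server, can watch.
source s_sensors {
    network("127.0.0.1" port(5141) transport("tcp") keep-hostname(yes));
};
destination d_per_sensor {
    file("/var/log/snort/sensors/${HOST}.alert" create-dirs(yes));
};
destination d_all { file("/var/log/snort/all-sensors.alert"); };
log { source(s_sensors); destination(d_per_sensor); destination(d_all); };
```

The comment markers differ because the two tools differ: syslog-ng uses `#`, Stunnel uses `;`.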
