On Nov 14, 2006, at 5:31 PM, Landon Stewart | Superb Internet Corp.
wrote:
We provide shared hosting, colocation services and server rental.
We need to enforce our AUP more proactively and detect malicious
outgoing traffic before we get complaints about it.
We are mirroring outgoing traffic for 3 quite large VLANS to a
machine with a GigE interface. The machine is running snort. I
have not even come close to figuring out which rules we want to
load yet.
What I want to do to be able to generate a report on a regular
basis looking for all of our IP addresses that were the source of a
triggered event and report those events to the customer responsible
for that server.
While BASE provides a good way of viewing whats in the snort
database it does not do what I need. I'm having a lot of trouble
finding information on reporting because the snort database, while
optimized for speed, appears to be quite complex.
Hi-
The BASE project team can try to help you. Either contact me off
list or we can move this to the BASE lists.
Kevin
Kevin Johnson GCIA, GCIH, CISSP, CEH
Principal Consultant
Secure Ideas
PGP.sig
Description: This is a digitally signed message part
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
