pix and snort? obviously I'm not clear on the concept...
Posted on 2006-03-30
Got a pix 501
OUTSIDE goes to the Big Bad Outside (corporate, internet, etc)
INSIDE goes to us, all warm and fuzzy and fat and dumb and happy.
I am sending pix syslog information back to a loghost NETMON on INSIDE's subnet.
Thinking about setting up snort on LOGHOST to detect if the PIX is seeing weird stuff from OUTSIDE.
How does one set up snort to work with a pix?
googling on 'pix snort' 'cisco snort' 'pix snort howto' yields hits that are dealing with questions more esoteric than 'how do I get it to work'. If there are any howtos that people know of, that would be welcome.