amlp
asked on
pix and snort? obviously I'm not clear on the concept...
Got a pix 501
OUTSIDE goes to the Big Bad Outside (corporate, internet, etc)
INSIDE goes to us, all warm and fuzzy and fat and dumb and happy.
I am sending pix syslog information back to a loghost NETMON on INSIDE's subnet.
Thinking about setting up snort on LOGHOST to detect if the PIX is seeing weird stuff from OUTSIDE.
How does one set up snort to work with a pix?
googling on 'pix snort' 'cisco snort' 'pix snort howto' yields hits that are dealing with questions more esoteric than 'how do I get it to work'. If there are any howtos that people know of, that would be welcome.
Thanks!
OUTSIDE goes to the Big Bad Outside (corporate, internet, etc)
INSIDE goes to us, all warm and fuzzy and fat and dumb and happy.
I am sending pix syslog information back to a loghost NETMON on INSIDE's subnet.
Thinking about setting up snort on LOGHOST to detect if the PIX is seeing weird stuff from OUTSIDE.
How does one set up snort to work with a pix?
googling on 'pix snort' 'cisco snort' 'pix snort howto' yields hits that are dealing with questions more esoteric than 'how do I get it to work'. If there are any howtos that people know of, that would be welcome.
Thanks!
A quick google search turns up:
SnortALog : Snort Analyser Logs
http://jeremy.chartier.free.fr/snortalog/
"Snortalog is a Perl-based Snort log analyzer on steroids with output options to ASCII text, HTML, and graphs (formatted in JPEG, GIF, or PNG). Snortalog is configured and managed from a GUI interface, and it runs on either Linux or Windows. It reads output from Snort in any format (no other tool that we've seen has this feature), including syslog, provides fast and full alerts, and then builds flat text or HTML summary reports. Snortalog's summary reports are similar to ACID's reports, but more compact."
SnortALog : Snort Analyser Logs
http://jeremy.chartier.free.fr/snortalog/
"Snortalog is a Perl-based Snort log analyzer on steroids with output options to ASCII text, HTML, and graphs (formatted in JPEG, GIF, or PNG). Snortalog is configured and managed from a GUI interface, and it runs on either Linux or Windows. It reads output from Snort in any format (no other tool that we've seen has this feature), including syslog, provides fast and full alerts, and then builds flat text or HTML summary reports. Snortalog's summary reports are similar to ACID's reports, but more compact."
ASKER
OK, here's what I didn't get (I think).
snort is at core a packet sniffer with some pattern detection rules and abilities above it.
I was thinking it was like a nagios with definable input channels and pattern detection rules.
snort is at core a packet sniffer with some pattern detection rules and abilities above it.
I was thinking it was like a nagios with definable input channels and pattern detection rules.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.computernetworkinghelp.com/content/view/40/1/