[Packetfence-users] SNORT question

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Has anybody deployed PF with SNORT in a large routed environment?

We have about 40+ buildings on campus and as I understand it we would
need to enable a RSPAN vlan on each of the switches and direct the
traffic to the PF box.  But it seems to me that this would cause A LOT
of overhead.  I would really like to know if SNORT is viable in a larger
environment.

Could it be done that SNORT could be run on a small box ON the local
VLAN that SNORT is supposed to be monitoring and then send violation
notifications to the PF server for the PF server to do with as it
pleases?  This seems like it would be a good way to alleviate overhead
on the uplinks.

Thoughts and comments are welcome.

Jake Sallee

Network Engineer

University of Mary Hardin-Baylor

900 College St.

Belton Texas, 76513

Fone:     254-295-4658

Phax:     254-295-4221