From: Geoffrey L. [F. C. <gl...@fr...> - 2005-08-05 01:14:59
I am building a system that will use snort inline as well as log all alerts to a database. I read in the README.inline that if you want to use your machine as an IPS as well as IDP you should use two snort instances with separate rules? I am not sure if I am reading this correctly... what would be the problem with using snortinline to drop packets as well as send alerts for the intrusion analyst?

"Ideally, snort_inline will be run using only its own drop.rules. If you want to use Snort for just alerting, a separate process should be running with its own ruleset."

The above message says "If you want to use Snort for JUST alerting use a separate process"... what about alerting AND dropping? Maybe this is a typo? I would hate to have to use two rule sets and two separate processes when I can use one.

Thanks

--
Freedom Computers; Geoffrey D. Levy
gl...@fr...
www.freedomcomputers.ca
Phone: (403)710-7147 Fax: (403)251-4517