Hi Richard,
Richard Amerman wrote:
> We have just upgraded our firewall from a 2+ year old Bering floppy on
> an old 486 to a uClibc 2.3-rc1 box with CF.
> Among other things I have set up Snort, the 2.2 version that came on the
> ISO image for 2.3-rc1.
> Q1: Does anyone have a more recent version of Snort available for
> uClibc?
> Q2: Does anyone running Snort on a Bering box have any pointers or tips
> from their experience?
> I only have it looking at the outside interface with tcp-dump and CSV
> logging.
I have snort running also on the outside interface, combined with mysql
logging to a separate server to avoid large logfiles on my
router/firewall. For this you need the snortsql package instead of the
normal snort package and also the libmysql package. On the logging
server I run ACID for the analysis of the intrusions.
Pointers on how to do this can be found at the snort site. The document
most useful for me was
http://www.snort.org/docs/snort-rh7-mysql-ACID-1-5.pdf
Regarding the version of snort, the most recent version I know of is the
one on the Bering-uClibc packages page on sourceforge.
Hope this helps a bit
Eric de Thouars
------------------------------------------------------------------------
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/