<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Chris,</p>
<p>Thank you for your response.<br>
</p>
<p>I wanted to do full packet capture of all those 120 nodes, Along
with that I also want to aggregate the logs for all 120 nodes.</p>
<p><br>
</p>
<p>Regards <br>
</p>
<p>Utkarsh<br>
</p>
<br>
<div class="moz-cite-prefix">On Thursday 02 August 2018 04:16 AM,
Chris Boley wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAPJDwRixzj8jBoMZMXSLzthgBxaBSKTdjBjsy=jXOWnyoz+TLA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div>
<div dir="auto">Utkarsh, upon re-reading your question, I
realized that I may have misunderstood your question. Are you
asking how to position a sensor to monitor 120 endpoints? Or
are you asking how to aggregate logging from 120 sensors?</div>
</div>
<div><br>
<div class="gmail_quote">
<div dir="ltr">On Wed, Aug 1, 2018 at 6:38 PM Chris Boley <<a
href="mailto:ilgtech75@gmail.com" moz-do-not-send="true">ilgtech75@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div dir="auto">look up OwlH, they’ve created an
integration package to put on your suricata sensor and
ship the logs to OSSEC / WAZUH. </div>
</div>
<div>
<div dir="auto"><br>
</div>
<div dir="auto">Chris</div>
</div>
<div><br>
<div class="gmail_quote">
<div dir="ltr">On Mon, Jul 30, 2018 at 4:11 PM Cooper F.
Nelson <<a href="mailto:cnelson@ucsd.edu"
target="_blank" moz-do-not-send="true">cnelson@ucsd.edu</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">If
you are a Cisco shop you should check out ERSPAN:<br>
<br>
<a
href="https://packetpushers.net/erspan-new-favorite-packet-capturing-trick/"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://packetpushers.net/erspan-new-favorite-packet-capturing-trick/</a><br>
<br>
-Coop<br>
<br>
On 7/28/2018 12:48 AM, Utkarsh Bhargava wrote:<br>
> Hi All,<br>
><br>
> How to monitor the entire network ( 120 nodes )
using suricata ? Do I<br>
> need to install suricata on each device or
there's something like<br>
> suricata agents as we have in OSSEC ?<br>
><br>
> Please help me !<br>
><br>
><br>
> Regards<br>
><br>
><br>
> _______________________________________________<br>
> Suricata IDS Users mailing list: <a
href="mailto:oisf-users@openinfosecfoundation.org"
target="_blank" moz-do-not-send="true">oisf-users@openinfosecfoundation.org</a><br>
> Site: <a href="http://suricata-ids.org"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://suricata-ids.org</a> |
Support: <a href="http://suricata-ids.org/support/"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://suricata-ids.org/support/</a><br>
> List: <a
href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
><br>
> Conference: <a href="https://suricon.net"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://suricon.net</a><br>
> Trainings: <a
href="https://suricata-ids.org/training/"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://suricata-ids.org/training/</a><br>
<br>
-- <br>
Cooper Nelson<br>
Network Security Analyst<br>
UCSD ITS Security Team<br>
<a href="mailto:cnelson@ucsd.edu" target="_blank"
moz-do-not-send="true">cnelson@ucsd.edu</a> x41042<br>
<br>
<br>
_______________________________________________<br>
Suricata IDS Users mailing list: <a
href="mailto:oisf-users@openinfosecfoundation.org"
target="_blank" moz-do-not-send="true">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://suricata-ids.org</a> |
Support: <a href="http://suricata-ids.org/support/"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://suricata-ids.org/support/</a><br>
List: <a
href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
<br>
Conference: <a href="https://suricon.net"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://suricon.net</a><br>
Trainings: <a
href="https://suricata-ids.org/training/"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://suricata-ids.org/training/</a></blockquote>
</div>
</div>
</blockquote>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Suricata IDS Users mailing list: <a class="moz-txt-link-abbreviated" href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a>
Site: <a class="moz-txt-link-freetext" href="http://suricata-ids.org">http://suricata-ids.org</a> | Support: <a class="moz-txt-link-freetext" href="http://suricata-ids.org/support/">http://suricata-ids.org/support/</a>
List: <a class="moz-txt-link-freetext" href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a>
Conference: <a class="moz-txt-link-freetext" href="https://suricon.net">https://suricon.net</a>
Trainings: <a class="moz-txt-link-freetext" href="https://suricata-ids.org/training/">https://suricata-ids.org/training/</a></pre>
</blockquote>
<br>
</body>
</html>