[Oisf-users] Suricata deployment
Victor Julien
victor at inliniac.net
Thu Apr 7 08:02:32 UTC 2011
Thanks for the support!
On 04/07/2011 02:29 AM, corenor wrote:
> I wanted to share with the list my experiences with this excellent IDS solution.
>
> I have a custom 'appliance' attached to a 1gbps network tap that is
> inside our firewall. The exterior Internet link is 200mbs but full
> gig bursts are possible between various segments that cross this
> inspection point.
>
> The 'appliance' is built on fc9, so I figured I could compile or
> install Snort on the box and retrieve valuable info about the traffic.
>
> I had several challenges with Snort. I could not get the most recent
> version to compile on Fedora Core 9. The older version did not like
> most of the Snort rules since they introduced new variable types.
>
> I first compiled and configured Suricata 1.0. This was not very stable,
> so I switched to the 1.1 beta. I am using the Emerging Threats rules
> along with barnyard2 output and feeding the results to QRadar.
>
> Everything is working very well with no stability issues.
>
> Regards, and thank you for this project.
>
> On 4/1/11, Martin Holste <mcholste at gmail.com> wrote:
>> Couldn't find it on Google, so I thought I'd put it to the list:
>> what's the easiest (and most scriptable) way to suppress an event in
>> Suricata? Can I write to a file and HUP Suricata? This would be for
>> FP tuning from a web GUI.
>>
>> Thanks,
>>
>> Martin
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------