[Oisf-users] Place to install Suricata
Peter Manev
petermanev at gmail.com
Thu May 14 09:53:15 UTC 2015
On Thu, May 14, 2015 at 10:06 AM, Minh Trung <mvtrung27 at gmail.com> wrote:
> Hi experts,
>
> My network as below:
>
>
>                          Internet line
>                                |
>                                |
>                             Router
>                                |
>                                |
>                       Switch(Cisco 2960)
>                                |
>                                |
> VPN 1 line <------+--------- Firewalls(Fortinet) -------+--------> VPN 2 line
>                                |
>                                |
>                          Core switches
>                            |       |
>                            |       |
>                          LAN     VMware system(ESX)
>
>
> Is it possible to place Suricata on VMware? Which spec do I need to
> configure for this machine? I want to capture everything from the Internet
> line. How do I configure Suricata to listen to everything on the Router, and
> what should the router configuration look like?
> Any help is appreciated,
Nice diagram :) - thanks.
You can mirror (on the Switch(Cisco 2960)) - mirror traffic from one
or more source ports and feed that to a Suri box directly. (You can do
the same mirroring from the "Router internet line" - but that depends
on the router, I guess.)
But then I would suggest to do one more Suri deployment to monitor the
LAN specifically (Core switches).
Not sure of any further details - do you do NATing/any proxies/VLANs
etc... those could also affect the placement decision.
"Which spec do I need to configure for this machine?" - that is the
eternal question... :). What type and how much traffic are you looking
at?
>
> Regards,
>
--
Regards,
Peter Manev
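
One way to set up the mirroring described in the reply above, added here as an illustration and not taken from the thread. The interface names (GigabitEthernet0/1, GigabitEthernet0/24, eth1), the session number and the cluster-id value are assumptions.

```yaml
# Added example (not from the thread). All interface names are placeholders.
#
# Switch side (Cisco IOS, global configuration mode): copy both directions of
# the port facing the router to the port the Suricata box is plugged into.
#   monitor session 1 source interface GigabitEthernet0/1 both
#   monitor session 1 destination interface GigabitEthernet0/24
# Check the result with:
#   show monitor session 1
#
# Sensor side (suricata.yaml): capture on the NIC cabled to the mirror
# destination port. That NIC needs no IP address; manage the box over a
# separate interface.
af-packet:
  - interface: eth1              # placeholder: NIC receiving the mirrored traffic
    cluster-id: 99               # arbitrary id, unique per capture interface
    cluster-type: cluster_flow   # keep both directions of a flow on one thread
    defrag: yes
    use-mmap: yes
#
# Start Suricata using the af-packet interfaces listed above:
#   suricata -c /etc/suricata/suricata.yaml --af-packet
```

A second sensor for the LAN, as suggested in the reply, would repeat the same pattern with a mirror session on the core switches.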