[Oisf-users] How to deploy suricata

Utkarsh Bhargava utkarsh at null.co.in
Thu Aug 2 05:38:02 UTC 2018


Hi Chris,

Thank you for your response.

I wanted to do full packet capture of all those 120 nodes. Along with
that, I also want to aggregate the logs for all 120 nodes.


Regards

Utkarsh


On Thursday 02 August 2018 04:16 AM, Chris Boley wrote:
> Utkarsh, upon re-reading your question, I realized that I may have 
> misunderstood your question. Are you asking how to position a sensor 
> to monitor 120 endpoints? Or are you asking how to aggregate logging 
> from 120 sensors?
>
> On Wed, Aug 1, 2018 at 6:38 PM Chris Boley <ilgtech75 at gmail.com> wrote:
>
>     Look up OwlH; they’ve created an integration package to put on
>     your Suricata sensor and ship the logs to OSSEC / WAZUH.
>
>     Chris
>
>     On Mon, Jul 30, 2018 at 4:11 PM Cooper F. Nelson <cnelson at ucsd.edu> wrote:
>
>         If you are a Cisco shop you should check out ERSPAN:
>
>         https://packetpushers.net/erspan-new-favorite-packet-capturing-trick/
>
>         -Coop
>
>         On 7/28/2018 12:48 AM, Utkarsh Bhargava wrote:
>         > Hi All,
>         >
>         > How to monitor the entire network (120 nodes) using suricata? Do I
>         > need to install suricata on each device or there's something like
>         > suricata agents as we have in OSSEC?
>         >
>         > Please help me!
>         >
>         >
>         > Regards
>         >
>         >
>         > _______________________________________________
>         > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>         > Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>         > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>         >
>         > Conference: https://suricon.net
>         > Trainings: https://suricata-ids.org/training/
>
>         -- 
>         Cooper Nelson
>         Network Security Analyst
>         UCSD ITS Security Team
>         cnelson at ucsd.edu x41042
>
