snort 퍼포먼스 모니터링
snort 2012. 9. 11. 19:21 |#####스노트 perfmon 옵션실행#####################################
vim /etc/snort/snort.conf
주석제거
preprocessor perfmonitor: time 30 file /var/snort/snort.stats pktcnt 10000
디렉터리 생성
mkdir /var/snort/
스노트 재시작
###################################################################
#####munin설치 & 설정######################################################
rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
yum -y install munin
yum -y install munin-node
vim /etc/munin/munin-node.conf
내용수정
st_name snort;snort01 <-- 이름을 지정
allow ^AAA\.AAA\.AAA\.AAA$ <-- 모니터링용 서버의 IP주소(AAA.AAA.AAA.AAA)
vim /etc/munin/munin.conf
내용추가
[snort;snort01]
address BBB.BBB.BBB.BBB <-- 감시할 서버의 IP주소
use_node_name yes
#########snort 관련 플러그인 등록 ###################################
ln -s /usr/share/munin/plugins/snort_* /etc/munin/plugins/
서비스 재시작
service httpd restart
service munin-node restart
'snort' 카테고리의 다른 글
| Managing Snort Alerts (0) | 2013.01.11 |
|---|---|
| Snort On Multiple NICs (0) | 2012.11.09 |
| snort-sms연동(bash) (0) | 2012.04.19 |
| snort 룰설정 (0) | 2012.03.21 |
| sguil 관련 (0) | 2012.02.16 |