snort 퍼포먼스 모니터링
#####스노트 perfmon 옵션실행#####################################
vim /etc/snort/snort.conf
아래 줄의 주석(#)을 제거
preprocessor perfmonitor: time 30 file /var/snort/snort.stats pktcnt 10000
디렉터리 생성 (snort 실행 계정이 snort.stats 파일을 쓸 수 있도록 소유자/권한을 맞추되, 다른 사용자에게는 쓰기 권한을 주지 않음)
mkdir /var/snort/
스노트 재시작
###################################################################
#####munin 설치 & 설정######################################################
※ 아래 EPEL 저장소 패키지는 평문 HTTP로 내려받으므로 전송 중 변조를 막지 못함. 설치 전에 패키지 서명(GPG)을 확인할 것.
rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
yum -y install munin
yum -y install munin-node
vim /etc/munin/munin-node.conf
내용수정
host_name snort;snort01 <-- 이름을 지정
allow ^AAA\.AAA\.AAA\.AAA$ <-- 모니터링용 서버의 IP주소(AAA.AAA.AAA.AAA)만 접속 허용 (정규식이므로 점은 \. 로 이스케이프)
vim /etc/munin/munin.conf
내용추가
[snort;snort01]
address BBB.BBB.BBB.BBB <-- 감시할 서버의 IP주소
use_node_name yes
#########snort 관련 플러그인 등록 ###################################
ln -s /usr/share/munin/plugins/snort_* /etc/munin/plugins/
서비스 재시작 (httpd가 munin 그래프 페이지를 제공하는 경우, 해당 페이지는 필요한 사용자만 볼 수 있도록 접근 제한을 확인)
service httpd restart
service munin-node restart