Pseries Installation Guide

P-Series Installation and Operation Guide, version 2.3.1.2 43
A key aspect of network security deployment is the ability to monitor the network for security events, analyze them, and perform countermeasures. To that end, the P-Series supports Sguil, an open source network security monitoring and reporting system that provides the ability to:
- collect, monitor, and correlate security events/alerts in the network
- analyze security events based on context
- categorize and escalate events for intrusion response decisions
The Sguil solution consists of the following components (Figure 27):
- Sensors—Sensors are the systems actually monitoring network traffic and collecting data. Sensors perform packet captures of network traffic in addition to running Snort in alert mode.
- Database—The database holds the alert and session data that the sensors collect.
- Client—The client is the interface to the Sguil server.
- Server—The Sguil server maintains connections to the sensors, clients, and database.
Figure 27 Sguil Architecture (P-Series Sensors, Sguil Server, Sguil Client; security alert information flows from the sensors through the server to the client)
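The collect/correlate/categorize/escalate cycle listed above, applied to alerts that several sensors forward to the server, as an added Python example that is not part of this guide or of Sguil itself. It assumes the sensors' Snort instances write "alert_fast" format lines (the real Sguil sensor agent uses its own transport); the sample alert lines, signature ids, sensor names and addresses are all constructed.

```python
import re
from collections import defaultdict
# Assumed input: Snort "alert_fast" lines, one alert each, as a sensor running Snort in alert mode writes them
# (the Sguil sensor agent forwards alerts by its own transport; this stand-in format is an assumption):
# MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$")

def parse_alert(sensor, line):
    """One sensor alert line -> event dict tagged with the reporting sensor; None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev.update(sensor=sensor, sid=int(ev["sid"]), prio=int(ev["prio"]))
    return ev

def correlate(events, repeat_threshold=3):
    """Group alerts from every sensor by (signature, source); escalate on Snort priority 1 or repeated hits."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["sid"], ev["src"])].append(ev)
    escalated = []
    for (sid, src), evs in groups.items():
        if min(e["prio"] for e in evs) == 1 or len(evs) >= repeat_threshold:
            escalated.append({"sid": sid, "src": src, "msg": evs[0]["msg"], "count": len(evs),
                              "sensors": sorted({e["sensor"] for e in evs}),   # which sensors saw it
                              "targets": sorted({e["dst"] for e in evs})})     # hosts it was aimed at
    return escalated

# Constructed sample of what two sensors might forward to the server; signature ids and addresses are made up.
SAMPLE = {
    "sensor-a": [
        "01/15-10:01:02.100000  [**] [1:1000001:1] TEST ssh probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.7:40001 -> 10.0.0.5:22",
        "01/15-10:01:03.200000  [**] [1:1000001:1] TEST ssh probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.7:40002 -> 10.0.0.6:22",
        "01/15-10:01:04.300000  [**] [1:1000002:1] TEST icmp echo [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.9 -> 10.0.0.5",
    ],
    "sensor-b": [
        "01/15-10:01:05.400000  [**] [1:1000001:1] TEST ssh probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.7:40003 -> 10.0.0.7:22",
        "01/15-10:01:09.500000  [**] [1:1000003:2] TEST rdp login from outside [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.4:51000 -> 10.0.0.5:3389",
    ],
}

def run(sample=SAMPLE):
    """Collect alerts from all sensors (skipping non-alert lines), then correlate; returns (events, escalations)."""
    events = [ev for sensor, lines in sample.items() for line in lines if (ev := parse_alert(sensor, line))]
    return events, correlate(events)
```

The same source probing three hosts is only visible once alerts from both sensors are pooled, which is the point of the server holding every sensor's data in one database.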
Chapter 6 Network Security Monitoring