Chapter 6: Network Security Monitoring (Force10 Networks P-Series 100-00055-01 User Manual)


P-Series Installation and Operation Guide, version 2.3.1.2


A key aspect of network security deployment is the ability to monitor the network for security events, analyze them, and perform countermeasures. To that end, the P-Series supports Sguil, an open source network security monitoring and reporting system that provides the ability to:

• collect, monitor, and correlate security events/alerts in the network
• analyze security events based on context
• categorize and escalate events for intrusion response decisions

The Sguil solution consists of the following components (Figure 27):

• Sensors—Sensors are the systems actually monitoring network traffic and collecting data. Sensors perform packet captures of network traffic in addition to running Snort in alert mode.
• Database—The database holds the alert and session data that the sensors collect.
• Client—The client is the interface to the Sguil server.
• Server—The Sguil server maintains connections to the sensors, clients, and database.
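To make the division of labour between the components concrete, the following added example (written for this page; it is not Sguil's code and not part of the P-Series manual) walks the data path the text describes: a sensor's Snort alerts and session records are collected into a database, an analyst-side query correlates each alert with the session it occurred in (the "context"), and a simple rule categorizes the alert and decides whether to escalate it. The Snort "fast" alert format is real; the alert lines, session records, IP addresses, rule SIDs and the escalation rule itself are constructed for illustration, and an in-memory SQLite database stands in for the Sguil database.

```python
"""Toy Sguil-style pipeline: collect alerts + sessions, correlate, categorize, escalate.
Added illustration for this page; not Sguil's own code. All sample data is constructed."""
import re
import sqlite3
from datetime import datetime

YEAR = 2024  # Snort fast alerts carry no year; assumed for the constructed samples below

# Constructed Snort "fast"-format alert lines as a sensor would emit them (SIDs/IPs made up)
SNORT_ALERTS = [
    "04/12-10:15:02.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.1.1.5:80 -> 192.168.1.20:50432",
    "04/12-10:15:30.000001  [**] [1:1000001:1] LOCAL constructed example rule [**] "
    "[Classification: Misc activity] [Priority: 3] {UDP} 10.1.1.9:53 -> 192.168.1.20:40000",
]

# Constructed session records from the same sensor:
# (start, stop, proto, src, sport, dst, dport, bytes_from_src, bytes_from_dst)
SESSIONS = [
    ("2024-04-12 10:14:58", "2024-04-12 10:15:05", "TCP", "192.168.1.20", 50432, "10.1.1.5", 80, 812, 20431),
    ("2024-04-12 10:15:29", "2024-04-12 10:15:31", "UDP", "192.168.1.20", 40000, "10.1.1.9", 53, 64, 0),
]

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_alert(line, year=YEAR):
    """Parse one Snort fast-format alert line into a flat record (sensor -> collector step)."""
    m = ALERT_RE.match(line)
    if not m:
        raise ValueError("unrecognised alert line: " + line)
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return {
        "ts": ts.strftime("%Y-%m-%d %H:%M:%S"), "sid": int(m["sid"]), "msg": m["msg"],
        "priority": int(m["prio"]), "proto": m["proto"],
        "src": m["src"], "sport": int(m["sport"]), "dst": m["dst"], "dport": int(m["dport"]),
    }


def build_db(alerts=SNORT_ALERTS, sessions=SESSIONS):
    """Stand-in for the Sguil database: one table of alerts, one of sessions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE alert(ts TEXT, sid INT, msg TEXT, priority INT, proto TEXT,"
               " src TEXT, sport INT, dst TEXT, dport INT)")
    db.execute("CREATE TABLE session(start TEXT, stop TEXT, proto TEXT, src TEXT, sport INT,"
               " dst TEXT, dport INT, bytes_src INT, bytes_dst INT)")
    cols = ("ts", "sid", "msg", "priority", "proto", "src", "sport", "dst", "dport")
    db.executemany("INSERT INTO alert VALUES (?,?,?,?,?,?,?,?,?)",
                   [tuple(parse_alert(l)[c] for c in cols) for l in alerts])
    db.executemany("INSERT INTO session VALUES (?,?,?,?,?,?,?,?,?)", sessions)
    return db


# Analyst-side correlation: join each alert to the session (either direction) it fell inside.
CORRELATE_SQL = """
SELECT a.rowid, a.msg, a.priority, s.bytes_src, s.bytes_dst
FROM alert a LEFT JOIN session s
  ON s.proto = a.proto
 AND a.ts BETWEEN s.start AND s.stop
 AND ((s.src = a.src AND s.sport = a.sport AND s.dst = a.dst AND s.dport = a.dport)
   OR (s.src = a.dst AND s.sport = a.dport AND s.dst = a.src AND s.dport = a.sport))
ORDER BY a.rowid
"""


def triage(db):
    """Categorize each alert by its session context and flag it for escalation.
    The rule (high priority AND a completed two-way session) is illustrative only."""
    results = []
    for rowid, msg, prio, bytes_src, bytes_dst in db.execute(CORRELATE_SQL):
        if bytes_src is None:
            context = "no session"
        elif bytes_src > 0 and bytes_dst > 0:
            context = "bidirectional session"
        else:
            context = "one-way session"
        escalate = prio <= 2 and context == "bidirectional session"
        results.append({"id": rowid, "msg": msg, "priority": prio,
                        "context": context, "escalate": escalate})
    return results


if __name__ == "__main__":
    for row in triage(build_db()):
        print(row)
```

Run as-is and the first alert is escalated because it is high priority and sits inside a session with traffic in both directions, while the second stays a low-priority alert whose session never got a reply. Real Sguil gets the same session context from its sensors' session logger and the packet captures, which is why the manual stresses that sensors capture packets in addition to running Snort.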

Figure 27: Sguil Architecture (P-Series Sensors, Sguil Server, Sguil Client, Security Alert Information)
