Multiple IDS Directors

ljones · ‎10-30-2002

I am trying to find documenation that tells me how to set up two primary directors. I know that it can be done I just can't find out how it is done. Can anyone tell me where I can find this information?

jekrauss · ‎10-30-2002

It varies by director type. Keep the following in mind:

1) Right now there are four different directors:

- Unix Netranger Director

- CSPM 2.3.3i

- IDS Device Manager

- IDS Management Center

1) You can only have one director with "auth" capability - that is, only one director authorized to write configurations. Otherwise, you have obvious conflicts. However, you can have multiple alarm destinations.

2) Regardless of director type, if you want alarms to go to additional destinations, then that host needs to to be added in the sensor under:

/usr/nr/etc/hosts

/usr/nr/etc/destinations

Rather than modifying these files manually, you should let your director (which manages the configuration) make these changes. Otherwise, generally, the next time you push a config out from your director, it will overwrite your changes on the sensor. Alternatively, if you do manually edit the sensor, your director may be able to pull the current config in and save it.

HTH

Jeff

ljones · ‎11-04-2002

I am using the Unix Netranger Director. Could I, for example, have 10 sesnors report to director1 and 10 sensors report to director2? Could I also have director1 forward to director2 and vice versa?

d.twaddle · ‎11-11-2002

Hello,

You can specify multiple destinations on each of the sensors. You could have half of the sensors send to Director1 and the other half to Director2. You could have all sensors report to both directors. What sensors models and software versions are you using?

Regards,

Derek Twaddle CISSP, CCDP, CCNP

NEMAIS Project