I've been having trouble with Snort on Red Hat and I've searched high and
low and can't find a resolution. My alert file grows to 2GB very quickly and
then crashes the process. I've seen one or two mentions of this same issue
in NG searches but haven't found a resolution. So like someone already said,
your mileage may vary.
JR
--
Johnny Routin
"Carroll Kong" wrote in message news:[EMAIL PROTECTED]...
> Backing up what Craig said, Snort is probably better performing in
> terms of cost/performance than almost all the IDSes out there,
> including Cisco. It does not have an end-to-end solution to make
> one's life easier though, at least not out of the box.
>
> Of course, you will need some sort of a unix background to set it up,
> and I do not mean installing Solaris with GUI tools. Pretty easy to
> anyone who has worked with a FreeBSD or a Linux box (without using
> GUI all over the place and/or rpms everywhere). The idea of no GUI
> is probably quite daunting to "enterprise" level engineers.
>
> You COULD make it have a lot of the "enterprise level" features, but
> it requires a lot of work on your part, and of course no commercial
> support, so you are on your own. (So, add this to your end cost...)
>
> If you want a GUI frontend to snort, you can try Demarc, or what they
> call themselves "PureSecure" now. There are also some freeware
> analyzers, but Demarc/PureSecure is definitely one of the nicest
> ones. Albeit, it had some bugs, fortunately since they give you
> their cgis, if you know some perl, you can patch it yourself before
> they get around to it. (unless they changed this behavior, the last
> I used was 1.05).
>
> Puresecure DOES charge for commercial usage, which I suppose puts a
> damper on it. Their licensing is a bit ridiculous. However, the
> pricing should still be very competitive.
>
> It's a mixed bag, but if you know your Unix, seems like Snort is a
> much cheaper (if you know Unix and programming very well, the
> disadvantages aren't that big) IDS solution.
>
> If you don't, oh well, like all things in life, pay the price for
> one's ignorance. :)
>
> > Someone told me in an authoritative voice today that Cisco doesn't recommend
> > their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a
> > big part of SAFE?
> >
> > Of course, the person who said this doesn't understand that Cisco is a huge,
> > chaotic organism, and that saying Cisco does something based on what one
> > person does, doesn't make sense.
> >
> > But I'm just curious, what do you all recommend for intrusion detection? How
> > do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more
> > complicated, requiring appliances or IDS cards in a switch and a console:
> >
> > Cisco Secure IDS Director: HP OpenView Network Node Manager "plug-in" that
> > runs on UNIX (Solaris and HP-UX)
> >
> > Cisco Secure Policy Manager (v2.2+): Windows NT-based package
> >
> > Thanks.
> >
> > Priscilla
> -Carroll Kong
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62983&t=62939