Anthony David wrote:
> Luca
>
> Now I had time to ponder this a bit more and had a look at my snort
> database after installing snort a few days ago, do you see ntop as a
> complementary tool or an alternative tool to snort in a short while?
>
From my viewpoint I don't see the rationale of turning Ntop into an intrusion
detection tool when there are other very viable alternatives like Snort out
there. Ntop has turned into a house of cards, way too many features built
on an unstable foundation. No version capable of running for more than a
few minutes has been released in the past year and there are many doubts as
to the accuracy of various traffic statistics. Running an IDS that dies
every five minutes is not of much use. No stable release and no trust adds
up to no use, no matter how pretty it looks and how many features are added.
At this point I would add by taking away: pull the web interface out and run
the app as a CGI or as a daemon that builds static pages to be served by a
standard web server. Strip the thing down to the basics and make it
bullet-proof. The most useful stuff is the traffic tables and accounting.
Get that right and then tack on the other stuff in a modular and methodical
way such that it can easily be pulled or debugged if it introduces stability
problems.
Eric