Security Basics mailing list archives
RE: looging - ids
From: "Jordan, Jason D. \"Dallas\"" <Jason.Jordan () honeywell-tsi com>
Date: Thu, 2 Oct 2003 14:44:53 -0400
I would recommend Snort. It's free and fairly simple to set up. If you use more than one, I would think you could
configure them to all log to a central syslog server. That way all the log files would be centrally located. Though,
I think that as with any ids, until you get them configured for your network and the "normal" traffic, you may see
the logs filling up quickly with false alarms.
-----Original Message-----
From: me null [mailto:me_null () hotmail com]
Sent: Thursday, October 02, 2003 3:42 AM
To: security-basics () securityfocus com
Subject: looging - ids
Hello again everyone,
I'm looking for an IDS for my network. Now, am I right to believe that an IDS
should be on at least one PC in each net segment? I.e. DMZ / router /
internal network: one at your connection to the Internet, one for your DMZ and
one for your internal net, correct?
I'd greatly appreciate any advice in regards to log consolidation or logging in
general. I like to log all the activity I can, but this makes for log files
everywhere. Yes, you can choose where some logs are stored, but I'm more than
open to suggestions on log-related things.
Thanks again -- me
---------------------------------------------------------------------------
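An added example, not part of the original posts: once several Snort sensors forward alerts to one syslog server, the consolidated file can be summarized per sensor to find the signatures responsible for most of the noise, which are the first candidates for tuning. It assumes the usual Snort syslog alert layout; the sensor names, addresses, sample lines and thresholds are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of a consolidated syslog file fed by three Snort sensors.
SAMPLE_LOG = """\
Oct  2 14:40:01 dmz-ids snort: [1:1256:7] WEB-IIS CodeRed v2 root.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 203.0.113.9:3201 -> 192.0.2.10:80
Oct  2 14:40:03 lan-ids snort: [1:384:5] ICMP PING [Classification: Misc activity] [Priority: 3]: {ICMP} 10.0.0.21 -> 10.0.0.1
Oct  2 14:40:04 lan-ids snort: [1:384:5] ICMP PING [Classification: Misc activity] [Priority: 3]: {ICMP} 10.0.0.22 -> 10.0.0.1
Oct  2 14:40:05 lan-ids snort: [1:384:5] ICMP PING [Classification: Misc activity] [Priority: 3]: {ICMP} 10.0.0.23 -> 10.0.0.1
Oct  2 14:40:09 lan-ids snort: [1:1418:11] SNMP request tcp [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 10.0.0.30:1042 -> 10.0.0.5:161
Oct  2 14:41:10 dmz-ids snort: [1:469:1] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 203.0.113.9 -> 192.0.2.10
Oct  2 14:41:12 edge-ids snort: [1:469:1] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 203.0.113.9 -> 192.0.2.1
Oct  2 14:41:15 lan-ids kernel: eth0: link up
"""

# timestamp, sensor host, "snort" tag, [gid:sid:rev], message text
ALERT_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<sensor>\S+)\ssnort(?:\[\d+\])?:\s"
    r"\[(?P<sid>\d+:\d+:\d+)\]\s(?P<msg>.*?)(?:\s\[Classification:|\s\[Priority:|$)"
)

def summarize(log_text):
    """Count alerts per sensor and signature; non-Snort lines are skipped."""
    counts = defaultdict(Counter)
    for line in log_text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            counts[m["sensor"]][(m["sid"], m["msg"])] += 1
    return counts

def tuning_candidates(counts, share=0.5, min_count=3):
    """Signatures that fire at least min_count times on a sensor and make up
    at least `share` of that sensor's alerts: review these before suppressing."""
    found = []
    for sensor, sigs in sorted(counts.items()):
        total = sum(sigs.values())
        for (sid, msg), n in sigs.most_common():
            if n >= min_count and n / total >= share:
                found.append((sensor, sid, msg, n, total))
    return found

if __name__ == "__main__":
    for sensor, sid, msg, n, total in tuning_candidates(summarize(SAMPLE_LOG)):
        print(f"{sensor}: [{sid}] {msg} = {n}/{total} alerts")
```

A signature flagged this way still has to be checked against what is normal on that segment before it is thresholded or disabled.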
