Security Basics mailing list archives
RE: looging - ids
From: "Jordan, Jason D. \"Dallas\"" <Jason.Jordan () honeywell-tsi com>
Date: Thu, 2 Oct 2003 14:44:53 -0400
I would recommend Snort. It's free and fairly simple to set up. If you use more than one, I would think you could configure them to all log to a central syslog server. That way all the log files would be centrally located. Though, I think that as with any IDS, until you get them configured for your network and the "normal" traffic, you may see the logs filling up quickly with false alarms.

-----Original Message-----
From: me null [mailto:me_null () hotmail com]
Sent: Thursday, October 02, 2003 3:42 AM
To: security-basics () securityfocus com
Subject: looging - ids

Hello again everyone,

I'm looking for an IDS for my network. Now, I am right to believe that an IDS should be on at least 1 PC in each net segment, right? I.e. DMZ / router / internal network: 1 at your connection to the internet, 1 for your DMZ and 1 for your internal net, correct?

I'd greatly appreciate any advice in regards to log consolidation or logging in general. I like to log all activity I can, but this makes for log files everywhere. Yes, you can choose where some logs are stored, but I'm more than open to suggestions on log-related things.

Thanks again
-- me
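
An added example, not part of either message: one way to review Snort alerts once several sensors log to a central syslog server, counting which low-severity rule on which sensor produces most of the noise so it can be tuned. It assumes the sensors use Snort's alert_syslog output; the sample lines, hostnames, SIDs and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample of a consolidated syslog file fed by three Snort sensors.
# Hostnames, SIDs (local rule range), messages and addresses are made up.
SAMPLE_LOG = """\
Oct  2 14:40:01 dmz-ids snort[311]: [1:1000001:1] LOCAL ping sweep [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.10 -> 192.0.2.20
Oct  2 14:40:02 dmz-ids snort[311]: [1:1000001:1] LOCAL ping sweep [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.10 -> 192.0.2.21
Oct  2 14:40:03 edge-ids snort[402]: [1:1000002:2] LOCAL db port probe [Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} 198.51.100.7:4431 -> 192.0.2.20:1433
Oct  2 14:40:04 dmz-ids snort[311]: [1:1000001:1] LOCAL ping sweep [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.10 -> 192.0.2.22
Oct  2 14:40:05 lan-ids sshd[977]: Accepted password for admin from 192.0.2.50 port 5122 ssh2
Oct  2 14:40:06 lan-ids snort[518]: [1:1000003:1] LOCAL smb scan [Priority: 2]: {TCP} 192.0.2.50:3321 -> 192.0.2.60:445
"""

# timestamp, sensor host, "snort[pid]:", [gid:sid:rev], message,
# optional classification, priority, {protocol}, source -> destination
ALERT_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<sensor>\S+)\ssnort(?:\[\d+\])?:\s"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s(?P<msg>.*?)\s"
    r"(?:\[Classification:\s(?P<cls>[^\]]+)\]\s)?"
    r"\[Priority:\s(?P<prio>\d+)\]:?\s"
    r"\{(?P<proto>[^}]+)\}\s(?P<src>\S+)\s->\s(?P<dst>\S+)$"
)

def parse_alerts(text):
    """Return one dict per Snort alert line; other syslog lines are skipped."""
    matches = (ALERT_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def per_sensor_totals(alerts):
    """Alert volume per sensor, to see which segment fills the logs."""
    return Counter(a["sensor"] for a in alerts)

def noisy_signatures(alerts, threshold=3, max_priority=1):
    """Return {(sensor, sid, msg): count} for rules firing >= threshold times.
    Priority 1 is Snort's most severe level, so those alerts are never
    offered as tuning candidates regardless of volume."""
    counts = Counter((a["sensor"], a["sid"], a["msg"]) for a in alerts
                     if int(a["prio"]) > max_priority)
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_LOG)
    print(per_sensor_totals(alerts))
    print(noisy_signatures(alerts))
```
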
Current thread:
- looging - ids me null (Oct 02)
- <Possible follow-ups>
- RE: looging - ids Jordan, Jason D. "Dallas" (Oct 02)