Firewall Wizards mailing list archives

Re: Taking a traffic snapshot with network IDS

From: vern () ee lbl gov
Date: Mon, 21 Jun 2010 20:02:02 -0700

That said, an IDS can be turned into one heck of a nice data-gathering
device if it's programmed to collect and report on events rather than
to look specifically for intrusions. I.e.: a DNS logging signature
set, URL logging signatures, DHCP logging, connectivity tracking,
usage statistics, etc.


You might want to check out Bro in this regard, which IMHO excels at this
sort of information gathering/logging.  www.bro-ids.org

                Vern
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Taking a traffic snapshot with network IDS Yack, Daniel (Jun 21)
- Re: Taking a traffic snapshot with network IDS Farrukh Haroon (Jun 21)
- Re: Taking a traffic snapshot with network IDS Marcus J. Ranum (Jun 21)
  - Re: Taking a traffic snapshot with network IDS vern (Jun 21)