IDS mailing list archives
Re: session logging IDS
From: Martin Roesch <roesch () sourcefire com>
Date: Mon, 30 Aug 2004 14:48:09 -0400
Do you want to log the entire session always on a specific port or between two IPs or are you looking to log the entire session if there's a detect on it?
-Marty

On Aug 30, 2004, at 7:17 AM, Raj Malhotra wrote:
> Hello all,
>
> We are evaluating available NIDS products which would work at 100 mbps and would also do "session logging". By "session logging", we would want the IDS to log the "entire session" and not just the session "after" an intrusion is detected. We saw a couple of IDS which would probably be able to do something like this,
>
> Cisco IDS
> Intrushield
>
> Cisco offers session logging as well as replay. Intrushield says something like "Highly customized capture of individual packet, individual session, specific source/destination, or entire traffic stream upon attack detection" which might be translated as "logging of the session only after an attack has been detected".
>
> Can anyone tell us more about these or any such IDS that are available which can log the entire session? Also, has anyone used any of these and with what degree of success? You can mail us back off the list if you so wish.
>
> thanks
> Raj
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
Current thread:
- session logging IDS Raj Malhotra (Aug 30)
- Re: session logging IDS Martin Roesch (Aug 30)
- Re: session logging IDS David W. Goodrum (Aug 30)
- Message not available
- Re: session logging IDS Raj Malhotra (Aug 31)
- Message not available