Using Snort with TIS Firewall Software

["Chris Shepherd" <chris () shepherds plus com>]

Hi

I have a customer who is using TIS Firewal software and has had a security
audit. the main point raised from the audit was that no firewall log
reviewing was done. I believe that all logging from the firewal softawre
goes to /var/adm/messages.

I found Snort on the web, downloaded it, and, as far as I can see, it will
create alert files when breaches of security has been detected - I tried it
on unsuccessful logins, bad su password etc.

However, I do not know how Snort works in a firewall environment. Can
anybody tell me if it will add value to the TIS software or in reality,
shold the TIS software be able to be configured to alert when any security
breaches have been identified.

I look forward to hearing your responses.

Regards
Chris Shepherd