Snort mailing list archives
Re: Configuring Snort as a HIDS
From: "Sebastien Tricaud" <stricaud () inl fr>
Date: Wed, 5 Dec 2007 07:09:06 +0100 (CET)
| Just know that the types of alerts you will get from snort on a single
| server, are entirely different than a true HIDS. Something like OSSEC by
| Daniel Cid might be what you are really looking for.

And you can use the Snort Prelude[1] output AND the Ossec Prelude[2] output to glue your alerts in a single console of management.

You may find more information on Prelude[3] in the Handbook[4].

[1] http://www.snort.org/docs/snort_htmanuals/htmanual_280/node154.html
[2] http://www.ossec.net/wiki/index.php/Know_How:PreludeOutput
[3] http://www.prelude-ids.org
[4] https://trac.prelude-ids.org/wiki/PreludeHandbook