Snort mailing list archives

RE: questions hids & nids


From: Michael Aylor <maylor () swbanktx com>
Date: Wed, 12 Dec 2001 16:01:37 -0600

1.  NIDS works well to correlate HIDS events.  Also, NIDS catches events in
case you don't have a HIDS agent loaded on every machine.

2.  Snort copes very well.  The more streamlined your rules set, the better.
Lots of reports out on this (I think they have some posted on www.snort.org,
look for the NSS report, just released).

3.  Even better, it can log to a remote SQL server.  I imagine it can log to
a remote syslog server as well, but I try to stay away from flat text files
(they're icky).

No idea about the cvwms stuff.  Sorry.



Mike

-----Original Message-----
From: Ronneil Camara [mailto:ronneilc () remingtonltd com]
Sent: Wednesday, December 12, 2001 3:34 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] questions hids & nids


Hi guys,

I've got some questions here:

1. Why would I need nids if I already have hids installed on every machine?
2. What about performance issues of snort, how does snort cope with
   network traffic? How does it perform on 100mbps? Does it have something
   to do with NICs?
3. Is it possible for snort to log to a remote syslog server? If so, what
   entry in snort.conf would it be? Has anyone configured his snort to log
   to cisco cvwms?

Thanks.

Neil
