Snort mailing list archives
RE: questions hids & nids
From: Michael Aylor <maylor () swbanktx com>
Date: Wed, 12 Dec 2001 16:01:37 -0600
1. NIDS works well to correlate HIDS events. Also, NIDS catches events in case you don't have a HIDS agent loaded on every machine.

2. Snort copes very well. The more streamlined your rules set, the better. Lots of reports out on this (I think they have some posted on www.snort.org, look for the NSS report, just released).

3. Even better, it can log to a remote SQL server. I imagine it can log to a remote syslog server as well, but I try to stay away from flat text files (they're icky).

No idea about the cvwms stuff. Sorry.

Mike

-----Original Message-----
From: Ronneil Camara [mailto:ronneilc () remingtonltd com]
Sent: Wednesday, December 12, 2001 3:34 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] questions hids & nids

Hi guys,

I've got some questions here:

1. Why would I need nids if I already have hids installed on every machine?

2. What about performance issues of snort, how does snort cope with network traffic? How does it perform on 100mbps? Does it have something to do with NICs?

3. Is it possible for snort to log to a remote syslog server? If so, what entry in snort.conf would it be? Has anyone configured his snort to log to cisco cvwms?

Thanks.

Neil