Snort mailing list archives

Re: questions hids & nids

From: Chris Green <cmg () uab edu>
Date: Wed, 12 Dec 2001 16:45:13 -0600

"Ronneil Camara" <ronneilc () remingtonltd com> writes:

Hi guys,

I've got some questions here:

1. Why would I need nids if I already have hids installed on every
machine?


You don't necessarily.  There might be network components that don't
have a HIDS though.

2. What about performace issues of snort, how does snort cope up
with network traffic?  How does it perform on 100mbps? Does it have
something to do with NICs?


Nic/Driver/OS and signature load and output method are the main
factors.  Can perform fine.

3. Is it possible for snort to log to a remote syslog server?


Yes for alerts.

If so, what entry in snort.conf would it be?


Check snort.conf for output plgins.

Has anyone configured his snort to log to cisco cvwms?


no idea what that is.

-- 
Chris Green <cmg () uab edu>
You now have 14 minutes to reach minimum safe distance.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

questions hids & nids Ronneil Camara (Dec 12)
- Re: questions hids & nids Jason Robertson (Dec 12)
- Re: questions hids & nids Chris Green (Dec 12)
- <Possible follow-ups>
- RE: questions hids & nids Michael Aylor (Dec 12)