Snort mailing list archives

Re: Configuring Snort as a HIDS


From: "Sebastien Tricaud" <stricaud () inl fr>
Date: Wed, 5 Dec 2007 07:09:06 +0100 (CET)


    |
    | Just know that the types of alerts you will get from snort on a single
    | server, are entirely different than a true HIDS.  Something like OSSEC by
    | Daniel Cid might be what you are really looking for.

And you can use the Snort Prelude[1] output AND the OSSEC Prelude[2] output to
glue your alerts together in a single management console.

You may find more information on Prelude[3] in the Handbook[4].


[1] http://www.snort.org/docs/snort_htmanuals/htmanual_280/node154.html
[2] http://www.ossec.net/wiki/index.php/Know_How:PreludeOutput
[3] http://www.prelude-ids.org
[4] https://trac.prelude-ids.org/wiki/PreludeHandbook


