Snort mailing list archives

Re: New IDS best practise


From: Martin Holste <mcholste () gmail com>
Date: Thu, 17 Nov 2011 15:11:51 -0600

All good advice.  One other thing to consider: once you get your IDS
up and running, you're going to need pcap data so you can see what
your alerts were.  At the very least, you're going to need URL logs.
For pcap, you can go the simple route with daemonlogger, more
complicated with sancp, or for a more web-oriented approach, you can
go with my StreamDB.googlecode.com project which integrates with
Snorby.  There's also OpenFPC with Snorby integration, but I wrote
StreamDB because it is faster and I rarely need non-web data.
