Re: Snort Monitoring

From: Scott M. Algatt (turtle@turtleshell.net)
Date: 10/29/02


Date: Tue, 29 Oct 2002 10:33:02 -0500 (EST)
From: "Scott M. Algatt" <turtle@turtleshell.net>
To: focus-ids@securityfocus.com

All,

Thanks for the responses!

Let me start by better explaining my current setup and then list the
different suggested packages. I wanted to just send a blanket statement
because I should be able to customize my setup in order to accommodate the
package of my dreams :)

Anyways, I am already running ACID. We have about 80+ sensors running and
they all report to our centralized ACID database using a stunnel'd
connection. This is the best thing since sliced bread as far as I am
concerned. We are able to view lots of traffic and what not. The only
problem is that with 80+ sensors there is no way to tell if a sensor is
not sending me information. I was only looking for something to
accomplish the piece of notification of online/offline status. After all
of the responses my brain began to spiral out of control from the
possibilities of all the different software out there. There are about
five pieces of software that were suggested.

Nagios
www.nagios.com

Snortcenter
users.pandora.be/larc

Demarc PureSecure
www.demarc.com

Big Brother
www.bb4.org

StillSecure Border Guard
www.stillsecure.com

I am currently toying with snortcenter for a number of reasons, free,
integrates with ACID, and I think it fits the bill.

Again thanks to everyone!

Regards,

Scott M. Algatt

Behold the turtle. He makes progress only when he sticks his neck out.
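As an added example (not part of Scott's message or of any of the packages listed above), a check that answers the one question the post raises: which of the sensors reporting to the central ACID database have gone silent. It assumes the Snort database schema's `sensor` and `event` tables (reduced to the columns the check needs) and uses constructed in-memory SQLite rows in place of the real backend.

```python
import sqlite3
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%d %H:%M:%S"   # format used by the Snort DB `event.timestamp` column

def load_sample_db():
    """In-memory stand-in for the ACID/Snort database. Tables follow the
    Snort DB schema's `sensor` and `event` (columns reduced to what this check
    needs); the rows are constructed sample data, not real sensor output."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sensor (sid INTEGER PRIMARY KEY, hostname TEXT, interface TEXT);
        CREATE TABLE event  (sid INTEGER, cid INTEGER, signature INTEGER,
                             timestamp TEXT, PRIMARY KEY (sid, cid));
    """)
    db.executemany("INSERT INTO sensor VALUES (?, ?, ?)", [
        (1, "sensor-dmz", "eth1"),
        (2, "sensor-core", "eth1"),
        (3, "sensor-branch", "eth0"),      # registered, but never sent an event
    ])
    db.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", [
        (1, 1, 1000, "2002-10-29 09:58:00"),
        (1, 2, 1001, "2002-10-29 10:20:00"),
        (2, 1, 1000, "2002-10-29 06:05:00"),  # nothing since early morning
    ])
    return db

def find_stale_sensors(db, now_ts, stale_hours=1.0):
    """Return [(hostname, last_event_ts_or_None)] for every sensor whose newest
    event is older than `stale_hours`, or that has no events at all.
    The LEFT JOIN matters: a sensor with zero rows in `event` is exactly the
    case an inner join would silently drop."""
    rows = db.execute("""
        SELECT s.hostname, MAX(e.timestamp)
        FROM sensor s LEFT JOIN event e ON e.sid = s.sid
        GROUP BY s.sid ORDER BY s.hostname
    """).fetchall()
    now = datetime.strptime(now_ts, TS_FMT)
    limit = timedelta(hours=stale_hours)
    stale = []
    for hostname, last_seen in rows:
        if last_seen is None or now - datetime.strptime(last_seen, TS_FMT) > limit:
            stale.append((hostname, last_seen))
    return stale

if __name__ == "__main__":
    # "now" is fixed to the time of the original post so the sample is reproducible
    for host, last in find_stale_sensors(load_sample_db(), "2002-10-29 10:33:00"):
        print(f"{host}: last event {last or 'never'} -> check sensor/stunnel")
```

A sensor on a quiet segment also stops logging legitimately, so the threshold has to reflect each sensor's normal event rate; a low-priority rule that fires on routine, known-benign traffic gives a steadier heartbeat to measure against.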
