Re: IDS for Unix

From: Callan Tham (
Date: 06/30/05

  • Next message: Baron Biza: "Re: IDS for Unix"
    To: Baron Biza <>
    Date: Thu, 30 Jun 2005 12:07:03 +0800

    On Thu, 2005-06-30 at 01:10 +0300, Baron Biza wrote:
    > Hello, Im new in this list, I never used IDS, I want start with one
    > for Unix (FreeBSD and Linux also), I know about Snort but there are a
    > lot of rules to configure by hand,, the WIndows users of Snort have a
    > program in graphic mode to configure their Snort, but we not :-(, is
    > there any IDS good,with the same level,in graphic mode,or easiest to
    > learn?,thnx,good luck.

    Hi Baron,

    Actually, there isn't much to configure rules-wise for Snort. The rules
    are there, you just tell Snort if you want to use it in its config file.
    If you want graphical management, take a look at SnortCenter[1]. It can
    manage both rules and config files centrally, and is easy to setup and

    But hey, nothing beats vim and a good read of the Snort manual if you're
    on a *nix platform. Even with SnortCenter, the Snort User Manual is a
    must read if you want to know more about writing rules.

    Good luck, and have fun!





  • Next message: Baron Biza: "Re: IDS for Unix"

    Relevant Pages

    • Re: Value of "richer" signatures?
      ... Snort, Dragon, and NFR, and I can tell you that they ... Here's an example of how the newer IDS signatures help ... Let's say you are using a simple packet grepping IDS ... > an FTP connection). ...
    • Re: ids inquisition
      ... Subject: ids inquisition ... Snort isn't one of them. ... Brian Caswell - CSV output plugin, ... Christian Lademann - active response, ...
    • RE: IDS recommendations
      ... Subject: IDS recommendations ... Snort is a relatively raw tool and that usually adds ... >> I can appreciate your comments on the ISS product. ...
    • RE: "Free" IDS
      ... I am very surprised noone mentioned Demarc PureSecure IDS solution. ... It cost less than 2000.00 and it runs off of the snort engine and has a big ... if you want to learn snort then just read up on it. ...
    • RE: Test tools for IDS
      ... "Sneeze" is great for Snort IDS. ... Captus Networks IPS 4000 ... Intrusion Prevention and Traffic Shaping Technology to: ...