I've also had trouble with RedHat...with Snort as well as other apps. I switched to FreeBSD and have been very pleased so far.
At 06:32 PM 2/13/2003 +0000, you wrote:
>I've been having trouble with Snort on Red Hat and I've searched high and
>low and can't find a resolution. My alert file grows to 2GB very quickly and
>then crashes the process. I've seen one or two mentions of this same issue
>in NG searches but haven't found a resolution. So like someone already said,
>your mileage may vary.
>
>JR
>--
>Johnny Routin
>
>"Carroll Kong" wrote in message
>news:[EMAIL PROTECTED]...
> > Backing up what Craig said, Snort is probably better performing in
> > terms of cost/performance than almost all the IDSes out there,
> > including Cisco. It does not have an end to end solution to make
> > one's life easier though, at least not out of the box.
> >
> > Of course, you will need some sort of a unix background to set it up,
> > and I do not mean installing Solaris with GUI tools. Pretty easy to
> > anyone who has worked with a FreeBSD or a Linux box (without using
> > GUI all over the place and/or rpms everywhere). The idea of no GUI
> > is probably quite daunting to "enterprise" level engineers.
> >
> > You COULD make it have a lot of the "enterprise level" features, but
> > it requires a lot of work on your part, and of course no commercial
> > support, so you are on your own. (So, add this to your end cost...)
> >
> > If you want a GUI frontend to snort, you can try Demarc, or what they
> > call themselves "PureSecure" now. There are also some freeware
> > analyzers, but Demarc/PureSecure is definitely one of the nicest
> > ones. Albeit, it had some bugs, fortunately since they give you
> > their cgis, if you know some perl, you can patch it yourself before
> > they get around to it. (unless they changed this behavior, the last
> > I used was 1.05).
> >
> > Puresecure DOES charge for commercial usage, which I suppose puts a
> > damper on it. Their licensing is a bit ridiculous. However, the
> > pricing should still be very competitive.
> >
> > It's a mixed bag, but if you know your Unix, seems like Snort is a
> > much cheaper (if you know Unix and programming very well, the
> > disadvantages aren't that big) IDS solution.
> >
> > If you don't, oh well, like all things in life, pay the price for
> > one's ignorance. :)
> >
> > > Someone told me in an authoritative voice today that Cisco doesn't
> > > recommend their IDS. They recommend Snort. Is this really true?
> > > Isn't Cisco's IDS a big part of SAFE?
> > >
> > > Of course, the person who said this doesn't understand that Cisco is a
> > > huge, chaotic organism, and that saying Cisco does something based on
> > > what one person does, doesn't make sense.
> > >
> > > But I'm just curious, what do you all recommend for intrusion detection?
> > > How do Snort and Cisco IDS compare? I guess Cisco's solution is a bit
> > > more complicated, requiring appliances or IDS cards in a switch and a
> > > console:
> > >
> > > Cisco Secure IDS Director: HP OpenView Network Node Manager "plug-in"
> > > that runs on UNIX (Solaris and HP-UX)
> > >
> > > Cisco Secure Policy Manager (v2.2+): Windows NT-based package
> > >
> > > Thanks.
> > >
> > > Priscilla
> >
> > -Carroll Kong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62989&t=62939

