> I've also had trouble with RedHat...with Snort as well as other apps.  I
> switched to FreeBSD and have been very pleased so far.

Interesting... I'll give that a try... thanks mate!

JR
--
Johnny Routin


"Craig Columbus" wrote in message news:[EMAIL PROTECTED]...

>
> At 06:32 PM 2/13/2003 +0000, you wrote:
> >I've been having trouble with Snort on Red Hat and I've searched high and
> >low and can't find a resolution. My alert file grows to 2GB very quickly and
> >then crashes the process. I've seen one or two mentions of this same issue
> >in NG searches but haven't found a resolution. So like someone already said,
> >your mileage may vary.
> >
> >JR
> >--
> >Johnny Routin
> >
> >
> >"Carroll Kong" wrote in message news:[EMAIL PROTECTED]...
> > > Backing up what Craig said, Snort is probably better performing in
> > > terms of cost/performance than almost all the IDSes out there,
> > > including Cisco.  It does not have an end-to-end solution to make
> > > one's life easier though, at least not out of the box.
> > >
> > > Of course, you will need some sort of a unix background to set it up,
> > > and I do not mean installing Solaris with GUI tools.  Pretty easy to
> > > anyone who has worked with a FreeBSD or a Linux box (without using
> > > GUI all over the place and/or rpms everywhere).  The idea of no GUI
> > > is probably quite daunting to "enterprise" level engineers.
> > >
> > > You COULD make it have a lot of the "enterprise level" features, but
> > > it requires a lot of work on your part, and of course no commercial
> > > support, so you are on your own.  (So, add this to your end cost...)
> > >
> > > If you want a GUI frontend to snort, you can try Demarc, or what they
> > > call themselves "PureSecure" now.  There are also some freeware
> > > analyzers, but Demarc/PureSecure is definitely one of the nicest
> > > ones.  Albeit, it had some bugs, fortunately since they give you
> > > their cgis, if you know some perl, you can patch it yourself before
> > > they get around to it.  (unless they changed this behavior, the last
> > > I used was 1.05).
> > >
> > > Puresecure DOES charge for commercial usage, which I suppose puts a
> > > damper on it.  Their licensing is a bit ridiculous.  However, the
> > > pricing should still be very competitive.
> > >
> > > It's a mixed bag, but if you know your Unix, seems like Snort is a
> > > much cheaper (if you know Unix and programming very well, the
> > > disadvantages aren't that big) IDS solution.
> > >
> > > If you don't, oh well, like all things in life, pay the price for
> > > one's ignorance.  :)
> > >
> > > > Someone told me in an authoritative voice today that Cisco doesn't recommend
> > > > their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a
> > > > big part of SAFE?
> > > >
> > > > Of course, the person who said this doesn't understand that Cisco is a huge,
> > > > chaotic organism, and that saying Cisco does something based on what one
> > > > person does, doesn't make sense.
> > > >
> > > > But I'm just curious, what do you all recommend for intrusion detection? How
> > > > do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more
> > > > complicated, requiring appliances or IDS cards in a switch and a console:
> > > >
> > > > Cisco Secure IDS Director - HP OpenView Network Node Manager "plug-in" that
> > > > runs on UNIX (Solaris and HP-UX)
> > > >
> > > > Cisco Secure Policy Manager (v2.2+) - Windows NT-based package
> > > >
> > > > Thanks.
> > > >
> > > > Priscilla
> > > -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63098&t=62939