> I've also had trouble with RedHat...with Snort as well as other apps. I
> switched to FreeBSD and have been very pleased so far.

Interesting... I'll give that a try... thanks mate!

JR
--
Johnny Routin

"Craig Columbus" wrote in message news:[EMAIL PROTECTED]...
>
> At 06:32 PM 2/13/2003 +0000, you wrote:
> >I've been having trouble with Snort on Red Hat and I've searched high and
> >low and can't find a resolution. My alert file grows to 2GB very quickly and
> >then crashes the process. I've seen one or two mentions of this same issue
> >in NG searches but haven't found a resolution. So like someone already said,
> >your mileage may vary.
> >
> >JR
> >--
> >Johnny Routin
> >
> >"Carroll Kong" wrote in message
> >news:[EMAIL PROTECTED]...
> > > Backing up what Craig said, Snort is probably better performing in
> > > terms of cost/performance than almost all the IDSes out there,
> > > including Cisco. It does not have an end to end solution to make
> > > one's life easier though, at least not out of the box.
> > >
> > > Of course, you will need some sort of a unix background to set it up,
> > > and I do not mean installing Solaris with GUI tools. Pretty easy to
> > > anyone who has worked with a FreeBSD or a Linux box (without using
> > > GUI all over the place and/or rpms everywhere). The idea of no GUI
> > > is probably quite daunting to "enterprise" level engineers.
> > >
> > > You COULD make it have a lot of the "enterprise level" features, but
> > > it requires a lot of work on your part, and of course no commercial
> > > support, so you are on your own. (So, add this to your end cost...)
> > >
> > > If you want a GUI frontend to snort, you can try Demarc, or what they
> > > call themselves "PureSecure" now. There are also some freeware
> > > analyzers, but Demarc/PureSecure is definitely one of the nicest
> > > ones. Albeit, it had some bugs, fortunately since they give you
> > > their cgis, if you know some perl, you can patch it yourself before
> > > they get around to it. (unless they changed this behavior, the last
> > > I used was 1.05).
> > >
> > > Puresecure DOES charge for commercial usage, which I suppose puts a
> > > damper on it. Their licensing is a bit ridiculous. However, the
> > > pricing should still be very competitive.
> > >
> > > It's a mixed bag, but if you know your Unix, seems like Snort is a
> > > much cheaper (if you know Unix and programming very well, the
> > > disadvantages aren't that big) IDS solution.
> > >
> > > If you don't, oh well, like all things in life, pay the price for
> > > one's ignorance. :)
> > >
> > > > Someone told me in an authoritative voice today that Cisco doesn't recommend
> > > > their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a
> > > > big part of SAFE?
> > > >
> > > > Of course, the person who said this doesn't understand that Cisco is a huge,
> > > > chaotic organism, and that saying Cisco does something based on what one
> > > > person does, doesn't make sense.
> > > >
> > > > But I'm just curious, what do you all recommend for intrusion detection? How
> > > > do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more
> > > > complicated, requiring appliances or IDS cards in a switch and a console:
> > > >
> > > > Cisco Secure IDS Director: HP OpenView Network Node Manager "plug-in" that
> > > > runs on UNIX (Solaris and HP-UX)
> > > >
> > > > Cisco Secure Policy Manager (v2.2+): Windows NT-based package
> > > >
> > > > Thanks.
> > > >
> > > > Priscilla
> > > -Carroll Kong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63098&t=62939
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]