I think that is most secure use a external box to archive IDS data and reports. The firewall boxes normally generate a lot of megabytes of log and are very critical parts of network, so I think that the best way to avoid crashes and possible security issues. It' possible create a vlan for this service if you has a switch with this feature or create a other segment of net to services like this. All this questions are very personal and depends of your network traffic because if you make some scripts to manage databases and logs/reports you can mantain all working fine on the same box ( mysql, acid, snort and netfilter ).
Bye, M. Genaro On Mon, 3 Nov 2003, Craig wrote: > Hi guys > > Is it a perferrable to have snort and acidlab running on a firewall > machine masquerding a network and logging to an internal server running > apache-ssl and mysql ? I would like to setup some sort of IDS but also > have more info on traffic in the internal network ? > > Thnaks > > ..Craig > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >