Snort. It won't examine the logs from your Cisco, but if you learn it, it'll make a heckuva NIDS on your network. And the software is OSS, support through the various mailing lists is excellent, and the rule structure is very well documented. There are also tools such as that from activeworx to make managing multiple snort boxes a breeze. Couple that with a good database back-end or snmp to something like OV, and it's pretty much unbeatable. There's also an OPSEC patch available. Have to dig that link back up though...
-----Original Message-----
From: Greg [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 07, 2002 1:46 PM
To: [EMAIL PROTECTED]
Subject: Network based intrusion detection

I was wondering what everyone is doing for network based intrusion detection? I am looking for something I can use on a University based system with approximately 15000 nodes with various flavors of Unix, Linux, Windows, Mac, etc. I do have access to the logs of all incoming traffic (Cisco netflow). Does anyone have any scripts they use to analyze the logs, or know of any products that will do this? Thanks in advance for any help.

Greg
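Greg asked for scripts that analyze the NetFlow logs. As an added example, written for this page and not code from either poster or from the Snort project, here is a minimal threshold-based scan detector over flow records. The whitespace-separated text record format (src dst proto sport dport packets octets), the thresholds, and the sample flows are all assumptions constructed for the example; real Cisco exports would first be collected and printed to a similar text form with a flow collector.

```python
"""Threshold-based scan detection over NetFlow-style flow records (added example).

Assumed record format (constructed for this example, not Cisco's binary NetFlow):
    src_ip dst_ip proto src_port dst_port packets octets
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    packets: int
    octets: int


@dataclass(frozen=True)
class Alert:
    src: str
    kind: str     # "vertical" (many ports, one host) or "horizontal" (one port, many hosts)
    target: str   # the scanned host (vertical) or the probed port (horizontal)
    count: int    # distinct ports or hosts observed from this source


def parse_flows(text: str) -> List[Flow]:
    """Parse the assumed text flow format; blank lines and '#' comments are skipped."""
    flows: List[Flow] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 7:
            raise ValueError(f"malformed flow record: {line!r}")
        src, dst = fields[0], fields[1]
        proto, sport, dport, packets, octets = map(int, fields[2:])
        flows.append(Flow(src, dst, proto, sport, dport, packets, octets))
    return flows


def detect_scans(flows: List[Flow], port_threshold: int = 20,
                 host_threshold: int = 20, max_probe_packets: int = 2) -> List[Alert]:
    """Flag sources whose short TCP/UDP flows fan out across many ports or many hosts.

    Only flows of at most max_probe_packets packets count as probes, so a busy
    client holding real sessions to a few servers does not trip the thresholds.
    """
    ports_per_target: Dict[Tuple[str, str], Set[int]] = defaultdict(set)
    hosts_per_port: Dict[Tuple[str, int], Set[str]] = defaultdict(set)
    for fl in flows:
        if fl.proto not in (6, 17) or fl.packets > max_probe_packets:
            continue
        ports_per_target[(fl.src, fl.dst)].add(fl.dport)
        hosts_per_port[(fl.src, fl.dport)].add(fl.dst)

    alerts: List[Alert] = []
    for (src, dst), ports in ports_per_target.items():
        if len(ports) >= port_threshold:
            alerts.append(Alert(src, "vertical", dst, len(ports)))
    for (src, dport), hosts in hosts_per_port.items():
        if len(hosts) >= host_threshold:
            alerts.append(Alert(src, "horizontal", str(dport), len(hosts)))
    return sorted(alerts, key=lambda a: (a.src, a.kind))


def constructed_sample() -> str:
    """Constructed flow log: one vertical scan, one horizontal scan, some normal traffic."""
    lines = ["# src dst proto sport dport packets octets"]
    # 10.1.2.3 sends a single SYN to each of 30 ports on 192.0.2.10.
    for p in range(1, 31):
        lines.append(f"10.1.2.3 192.0.2.10 6 {40000 + p} {p} 1 60")
    # 10.9.9.9 probes port 445 on 25 different hosts, one SYN each.
    for h in range(1, 26):
        lines.append(f"10.9.9.9 192.0.2.{h} 6 {50000 + h} 445 1 60")
    # Ordinary traffic: a real HTTP session, repeated DNS lookups to one resolver,
    # and an ICMP echo, none of which should alert.
    lines.append("10.5.5.5 198.51.100.7 6 33001 80 240 180000")
    for i in range(30):
        lines.append(f"10.5.5.5 198.51.100.53 17 {34000 + i} 53 2 200")
    lines.append("10.5.5.5 198.51.100.7 1 0 0 4 256")
    return "\n".join(lines)


if __name__ == "__main__":
    for alert in detect_scans(parse_flows(constructed_sample())):
        print(f"{alert.src} {alert.kind} scan -> {alert.target} ({alert.count})")
```

The thresholds are deliberately conservative; on a 15000-node campus network they would need tuning per subnet, and the one-packet probe filter misses scanners that complete the handshake.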
