I've had very good luck running Snort in my Win2k Office environment. Recently, I've been extending the reporting capabilities of Snort by using it with Demarc (www.demarc.com). Demarc is a web-based front end for the Snort NIDS engine, and when configured through Demarc, all reported data is stored in a MySQL database. Very nice and very clean for reporting. Demarc is very easy to set up and configure. I had it running within 20 minutes or so from the initial start of the installation process. Also, this way you are able to set up alerts based on priorities set up in your Snort rules. Everything is configurable through a GUI, and if you use Snort with the latest rules set from the Snort site or White Hats (whenever they come back online), you should be more than good to go. Obviously, the rules off of these sites are updated very often and you may not want that great a level of detail. But I leave your rules customizing up to you.
Good luck!

Bejon

-----Original Message-----
From: Gregory Pipkins [mailto:[EMAIL PROTECTED]]
Sent: Saturday, March 09, 2002 4:25 PM
To: [EMAIL PROTECTED]
Subject: Any comments on using SNORT

Hello,

I am looking at broadening my knowledge of using different types of IDS programs. Snort seems like a good open source program. http://www.snort.org

Does anyone have any comments about using Snort on their systems? Looking for comments also toward running SNORT on a Windows-based system vs Unix/Linux systems.

Thanks for your time.

Gregory Pipkins
