Firewall Wizards mailing list archives
Re: Taking a traffic snapshot with network IDS
From: vern () ee lbl gov
Date: Mon, 21 Jun 2010 20:02:02 -0700
That said, an IDS can be turned into one heck of a nice data-gathering device if it's programmed to collect and report on events rather than to look specifically for intrusions. I.e.: a DNS logging signature set, URL logging signatures, DHCP logging, connectivity tracking, usage statistics, etc.
You might want to check out Bro in this regard, which IMHO excels at this sort of information gathering/logging. www.bro-ids.org Vern _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Taking a traffic snapshot with network IDS Yack, Daniel (Jun 21)
- Re: Taking a traffic snapshot with network IDS Farrukh Haroon (Jun 21)
- Re: Taking a traffic snapshot with network IDS Marcus J. Ranum (Jun 21)
- Re: Taking a traffic snapshot with network IDS vern (Jun 21)