Snort mailing list archives
Re: questions hids & nids
From: Chris Green <cmg () uab edu>
Date: Wed, 12 Dec 2001 16:45:13 -0600
"Ronneil Camara" <ronneilc () remingtonltd com> writes:
Hi guys, I've got some questions here: 1. Why would I need nids if I already have hids installed on every machine?
You don't necessarily. There might be network components that don't have a HIDS though.
2. What about performace issues of snort, how does snort cope up with network traffic? How does it perform on 100mbps? Does it have something to do with NICs?
Nic/Driver/OS and signature load and output method are the main factors. Can perform fine.
3. Is it possible for snort to log to a remote syslog server?
Yes for alerts.
If so, what entry in snort.conf would it be?
Check snort.conf for output plgins.
Has anyone configured his snort to log to cisco cvwms?
no idea what that is. -- Chris Green <cmg () uab edu> You now have 14 minutes to reach minimum safe distance. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- questions hids & nids Ronneil Camara (Dec 12)
- Re: questions hids & nids Jason Robertson (Dec 12)
- Re: questions hids & nids Chris Green (Dec 12)
- <Possible follow-ups>
- RE: questions hids & nids Michael Aylor (Dec 12)