Posts Tagged snort

Snort Email Reports

Snort has many logging abilities: syslog, unixsock, tcpdump, CSV, XML, unified and my favourite, database. All of these logging methods are great if you are going to look through your logs regularly. But if you are busy doing other things, or maintaining Snort isn't your main priority, how are you expected to keep up to date with the logs?

I find that having Snort email me every morning with a simple report is a much better way of keeping track of whether anyone is attacking my systems. It only takes me a minute to read through the report, and if there is something I think needs looking at I can easily log into my database and get as much information on the event as I need. So how do you set up email reports? Well, if you installed Snort on a Debian based system it is already installed, just not set up correctly.
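To show what such a morning report boils down to, here is an added example that is not code from the post and not the Debian package's own reporting script: it parses Snort's `alert_fast` output (one alert per line), counts alerts by signature and by source address, lists the priority 1 events, and wraps the result in an e-mail message. The alert lines, the signature IDs and messages in them, and the sender and recipient addresses are all constructed for this example; delivery is left to `smtplib`, which is only mentioned in a comment.

```python
"""Summarise Snort alert_fast lines into a plaintext daily e-mail report.

Added example, not from the original post. Assumptions: the input is Snort's
alert_fast format with IPv4 addresses; the sample lines below are constructed
(signature IDs and messages are illustrative); sender/recipient are placeholders.
"""
import re
from collections import Counter
from email.message import EmailMessage

# One alert_fast line looks like:
# 01/14-10:23:45.123456  [**] [1:2003:8] MSG [**] [Classification: X] [Priority: 2] {TCP} 192.0.2.10:54321 -> 203.0.113.5:22
# Ports are absent for ICMP; the Classification block is absent for rules without a classtype.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s+(?P<cls>[^\]]+)\])?"
    r"\s+\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[^\s:]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[^\s:]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample input standing in for /var/log/snort/alert.
SAMPLE_ALERTS = """\
01/14-02:11:05.101220  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:41022 -> 203.0.113.5:22
01/14-02:11:06.332901  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:41023 -> 203.0.113.6:22
01/14-02:11:07.558011  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:41024 -> 203.0.113.7:22
01/14-03:40:12.000443  [**] [1:408:5] ICMP Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.8 -> 203.0.113.5
01/14-04:02:59.717300  [**] [1:1000001:1] LOCAL web admin path probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.23:50211 -> 203.0.113.5:80
this line is not an alert and should be skipped
"""


def parse_alerts(text):
    """Return (alerts, skipped): one dict per parsable line, plus a count of lines that did not match."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ALERT_RE.match(line)
        if m is None:
            skipped += 1          # never silently drop input: the report states how much was unreadable
            continue
        rec = m.groupdict()
        rec["prio"] = int(rec["prio"])
        alerts.append(rec)
    return alerts, skipped


def summarise(alerts):
    """Aggregate alerts by signature and by source address, and pull out priority 1 events."""
    by_sig, by_src, high = Counter(), Counter(), []
    for a in alerts:
        by_sig[(a["gid"], a["sid"], a["msg"])] += 1
        by_src[a["src"]] += 1
        if a["prio"] == 1:
            high.append(a)
    return {"total": len(alerts), "by_sig": by_sig, "by_src": by_src, "high": high}


def render_report(summary, skipped, top=10):
    """Render the summary as plain text, the way it would be read in a mail client."""
    out = ["Snort daily alert summary", "=" * 26, "",
           f"Total alerts: {summary['total']}  (unparsed lines skipped: {skipped})", "",
           "Top signatures:"]
    for (gid, sid, msg), n in summary["by_sig"].most_common(top):
        out.append(f"  {n:6d}  [{gid}:{sid}] {msg}")
    out += ["", "Top source addresses:"]
    for src, n in summary["by_src"].most_common(top):
        out.append(f"  {n:6d}  {src}")
    out += ["", f"Priority 1 alerts ({len(summary['high'])}):"]
    for a in summary["high"]:
        out.append(f"  {a['ts']}  {a['src']} -> {a['dst']}:{a['dport'] or '-'}  {a['msg']}")
    return "\n".join(out) + "\n"


def build_email(report, sender, recipient, subject="Snort daily report"):
    """Wrap the report in an EmailMessage; the caller decides how to send it."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
    msg.set_content(report)
    return msg


def daily_report(text, sender="snort@localhost", recipient="root@localhost"):
    """End-to-end: alert text in, ready-to-send EmailMessage out (addresses are placeholders)."""
    alerts, skipped = parse_alerts(text)
    return build_email(render_report(summarise(alerts), skipped), sender, recipient)


if __name__ == "__main__":
    # In a cron job you would read /var/log/snort/alert here and hand the message to
    # smtplib.SMTP("localhost").send_message(msg); this dry run just prints the body.
    print(daily_report(SAMPLE_ALERTS).get_content())
```

Unparsed lines are counted and reported rather than dropped, so a change in Snort's output format (or a log file that is being rotated under you) shows up in the morning summary instead of quietly producing an empty report.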


Setup an IDS with Snort & MySQL

An Intrusion Detection System is like a burglar alarm for your computer. It monitors your network and system activity for malicious actions or policy violations and reports them to some kind of management station. This is great, as it lets you know who, where, when and how people are trying to break into your network, and knowing this is half the battle. You may be thinking that this isn't enough and you want to block all attacks from happening; well, most IDS systems include some "Network Intrusion Prevention" features. However, the main concern should be closing up vulnerabilities rather than blocking someone already trying to hack your systems. After all, it is a bit late if they are already in your system, and automatic blocking may also cut off innocent users when a rule fires on legitimate traffic.
