PLUG October topic, presenters request
foodog
plug-discuss@lists.PLUG.phoenix.az.us
Sun, 23 Sep 2001 06:40:47 -0700
Kevin Brown wrote:
>
> What about snort are you interested in? I have experience setting it up on both
> Linux and Solaris as part of my job.
Well...
Is it a good idea to run it on a box that provides user services, or on
it's own? What kind of resource requirements does it have?
How often do you update it? Do you feel the need to write additional
definitions/scripts for it?
Strategies for using/tracking the information it provides; what about
Aris?
I use portsentry/logcheck now. That gives me too much data, but not
enough specific data.
I'm torn between wanting to know everything funny on our network, and
deploying something that could be a huge ongoing time suck. I know I'm
going to deploy it, but I don't have enough info to be comfortable doing
it.
Steve
>
> > I'm mostly interested in Snort, and only slightly less interested in
> > everything else you listed.
> >
> > FYI, I've gone over my budget and concluded I can safely bankroll a
> > Standard Honorarium for WestSide presentations: Coffee! (Mmmm).
> > Steve
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss