IDS mailing list archives
Re: session logging IDS
From: Stefan Keller <stefan.keller () gmail com>
Date: Wed, 1 Sep 2004 10:50:51 +0200
Hi, for high-level session overview information older software like ARGUS would work, too. As for the size of the hard drive, that would depend on the volume of traffic that is actually monitored and the frequency of the reviews. If you rotate logs and automatically delete the old ones... All in all, the "log all" approach seems very ambitious, esp. as IDS has a reputation as a dust-collector in many companies. - Will you have staff monitoring the IDS 24/7? With periodic reporting from them? Regards Stefan
Current thread:
- RE: session logging IDS Bob Walder (Aug 31)
- <Possible follow-ups>
- Re: session logging IDS Richard Bejtlich (Aug 31)
- Re: session logging IDS Tod Beardsley (Sep 01)
- Re: session logging IDS David W. Goodrum (Sep 01)
- Re: session logging IDS Stefan Keller (Sep 01)
- Re: session logging IDS Bamm Visscher (Sep 02)
- Re: session logging IDS Alex Butcher, ISC/ISYS (Sep 05)
- Re: session logging IDS Andy Cuff (Sep 06)
- RE: session logging IDS Paine, Steve (Sep 05)
- RE: session logging IDS Murtland, Jerry (Sep 14)
- RE: session logging IDS Alex Butcher, ISC/ISYS (Sep 14)
- RE: session logging IDS Bill Royds (Sep 15)
- RE: session logging IDS Prabhat Singh (Sep 15)
- RE: session logging IDS Alex Butcher, ISC/ISYS (Sep 15)
- RE: session logging IDS BĂ©noni MARTIN (Sep 15)
(Thread continues...)