Intrusion Detection Systems mailing list archives
Re: FW: NFR Features
From: Dave Goodrum <dgoodrum () nfr net>
Date: Thu, 14 Sep 2000 15:17:54 -0400
See responses below from NFR *****
-----Original Message-----
From: owner-ids () uow edu au [mailto:owner-ids () uow edu au]On Behalf Of Carric Dooley
Sent: Wednesday, September 13, 2000 10:49 AM
To: ids () uow edu au
Subject: IDS: NFR Features

Maybe Marcus or someone over there can answer these questions: Is NFR able to monitor multiple segments from a single box? i.e. will it support multiple NICs with multiple instances of the packet driver on a single engine?
***** Yes, we support multiple NICs but don't usually recommend it. The only time I've recommended this configuration is when we want an IDA (Intrusion Detection Appliance) to monitor a failover segment, i.e. only one NIC will actually be gathering data at a time. The second NIC would start seeing traffic if one segment failed and the other kicked in. *****
What solution do you have for consolidated reporting across multiple engines? Does your mgt console do reporting? Do you use a Crystal Reports engine, etc.?
***** In our 5.0 product you can do an ODBC export from our Central to a database server of your choice (probably Oracle or SQL). From there, you can generate whatever kind of report you want. We do also have some basic canned reports in our 5.0 product listing things like: top 20 attackers, top 20 attackees, top 20 types of attacks, etc. "What is our Central", you may ask. In short: In a distributed environment, you may have many IDAs scattered across the network. Each of these can be set to report its results back to a single Central. This Central then does all the alerting/reporting/querying. This also allows for completely centralized management of the IDAs scattered around the network. For more information you can download our documentation from www.nfr.net *****
It has been a while since I played with the product, and I was just wondering.
