Recommendations for packet capture
Kevin Oberman
rkoberman at gmail.com
Sun Feb 16 21:15:26 UTC 2014
On Sun, Feb 16, 2014 at 12:38 PM, Mark Felder <feld at freebsd.org> wrote:
> Does security/bro or security/snort fit your requirements?
>
security/bro is an extremely powerful IPS, but it is also fairly complex to
configure for a given environment. It was developed under an NSF grant by
the International Computer Science Institute at the University of
California at Berkeley (http://www.icsi.berkeley.edu/). The BRO community
support is at http://bro.org.
We used BRO at the job from which I retired last year. It worked extremely
well and commercial support from a company founded by some of the
developers is now available from Broala (http://www.broala.com). Our
experience with the support was very good, but I suspect it was not cheap.
(I was not involved with the procurement.)
--
R. Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman at gmail.com
More information about the freebsd-net
mailing list