Date:      Sun, 16 Feb 2014 13:15:25 -0800
From:      Kevin Oberman <rkoberman@gmail.com>
To:        Mark Felder <feld@freebsd.org>
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   Re: Recommendations for packet capture
Message-ID:  <CAN6yY1vRFo4Qwz2HZWhzLUCsBTPSXS9%2B1SzLS9qhfgnEng_u=Q@mail.gmail.com>
In-Reply-To: <1392583088.30857.84104745.7521C62A@webmail.messagingengine.com>
References:  <CAEjQA5L=hCo56SLMgK-wKH-CzOpDN2vHYwP_ySd1QEK5HccM6Q@mail.gmail.com> <1392583088.30857.84104745.7521C62A@webmail.messagingengine.com>

On Sun, Feb 16, 2014 at 12:38 PM, Mark Felder <feld@freebsd.org> wrote:

> Does security/bro or security/snort fit your requirements?
>

security/bro is an extremely powerful IPS, but it is also fairly complex to
configure for a given environment. It was developed under an NSF grant by
the International Computer Science Institute at the University of
California at Berkeley (http://www.icsi.berkeley.edu/). The BRO community
support is at http://bro.org.

We used BRO at the job from which I retired last year. It worked extremely
well, and commercial support from a company founded by some of the
developers is now available from Broala (http://www.broala.com). Our
experience with the support was very good, but I suspect it was not cheap.
(I was not involved with the procurement.)
-- 
R. Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman@gmail.com


