[CentOS] Intrusion Detection Systems

Mon Oct 1 05:22:13 UTC 2007
Les Bell <lesbell at lesbell.com.au>

John Hinton <webmaster at ew3d.com> wrote:

>>
I did look at snort and actually some people run both snort and OSSEC. I
don't remember the reasons.
<<

Simply put, they're different things. Snort is a network IDS which examines
network traffic packets, looking for the signatures of various attacks.
OSSEC is a host IDS which monitors logs for evidence of attacks or misuse on
a host OS. In many installations, you need them both.

Best,

--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
FreeWorldDialup: 800909