
Using Snort v1.8 with SnortSnarf on a RedHat Linux System

Published: 25 Jul, 2001
Created by: Richard Greene

To effectively implement system and network security, a multi-pronged approach should be used. Proper security policies, firewalls, proxy servers, suitably complex passwords and intrusion detection systems, layered together, form one of the bedrock principles: defense in depth. The purpose of defense in depth is to prevent inherent and unknown flaws in the deployed technologies from allowing unauthorized access to a system or server. The intrusion detection system's (IDS) job is to log attempts at unauthorized network access to those systems. There are two basic types of IDS: host-based (HIDS) and network-based (NIDS). A host-based system runs on each and every host to be monitored. A network-based IDS monitors the network traffic and is not directly affected by which OS types are installed; the OS mix matters only when deciding which rule sets to deploy. The IDS log files, along with the system log files, go a long way toward implementing another principle: 'Prevention is ideal but detection is a must.' But what good is detection if the data is buried deep within the IDS log files? This analysis concentrates on several ways of getting the log file information out of an open source IDS called Snort. The tool explored for that purpose is SnortSnarf.
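The kind of roll-up SnortSnarf produces from Snort alert files (alerts per signature, alerts per source host, and which sources triggered which signature) can be illustrated with a small parser. This is an added example, not code from the paper or from SnortSnarf; it assumes Snort's single-line "fast" alert layout and the sample alert lines are constructed for the example.

```python
# Added example: summarise Snort fast-format alert lines the way a SnortSnarf-style
# report does. Not code from the paper or from SnortSnarf; the layout below is assumed.
import re
from collections import Counter, defaultdict

# Assumed fast-alert layout:
# MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] message [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:.*?\[Priority:\s*(?P<prio>\d+)\])?\s*\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample input (documentation-range addresses), including one junk line.
SAMPLE_ALERTS = """\
07/25-09:12:01.104522  [**] [1:1000001:1] EXAMPLE probe [**] [Priority: 2] {TCP} 192.0.2.10:4411 -> 198.51.100.5:80
07/25-09:12:02.551003  [**] [1:1000001:1] EXAMPLE probe [**] [Priority: 2] {TCP} 192.0.2.10:4412 -> 198.51.100.5:443
07/25-09:13:40.000917  [**] [1:1000002:2] EXAMPLE ICMP sweep [**] [Priority: 3] {ICMP} 192.0.2.77 -> 198.51.100.5
this line is not an alert and must be skipped
07/25-09:14:05.220001  [**] [1:1000001:1] EXAMPLE probe [**] [Priority: 2] {TCP} 192.0.2.77:5555 -> 198.51.100.9:80
"""

def parse_alert(line):
    """Return the fields of one alert line as a dict, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None

def summarise(text):
    """Count alerts per (sid, message) and per source, and record sources per signature."""
    by_sig, by_src, srcs_per_sig, skipped = Counter(), Counter(), defaultdict(set), 0
    for line in text.splitlines():
        rec = parse_alert(line)
        if rec is None:
            skipped += 1  # malformed or non-alert lines are counted, not silently dropped
            continue
        key = (rec["sid"], rec["msg"])
        by_sig[key] += 1
        by_src[rec["src"]] += 1
        srcs_per_sig[key].add(rec["src"])
    return {"by_sig": by_sig, "by_src": by_src, "srcs_per_sig": srcs_per_sig, "skipped": skipped}

if __name__ == "__main__":
    s = summarise(SAMPLE_ALERTS)
    for (sid, msg), n in s["by_sig"].most_common():
        print(f"{n:4d}  sid {sid}  {msg}  from {len(s['srcs_per_sig'][(sid, msg)])} source(s)")
    print(f"skipped {s['skipped']} non-alert line(s)")
```

A count of skipped lines is worth reporting alongside the summary, since a parser that quietly drops what it cannot read hides exactly the alerts an analyst most needs to see.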