-
I've worked with Snort on and off when dealing with networks, and I think that one of Snort's best qualities is its log files and the management/monitoring of them. You need to constantly monitor your log files in order for it to work correctly and efficiently.
-
We use a combination of stuff here currently. Right now it is NFR (Network Flight Recorder) 6.1 and Snort 2.x on a few different boxes.
I have written a plan to migrate from NFR to Demarc Sentarus in the near future, but I will probably still be using Snort on our internal network. I'm looking more for IPS on our external-to-internal connections and Snort just won't do that... plus we move so much traffic that two of the Snort boxes we had watching one of our internet connections just up and died after a couple of minutes. The NFRs are kludgy but can handle the traffic demands. :)