*not a kung fu master, (goju ryu maybe)*

Are you just asking about snort on linux? it is pretty
simple to install, Pretty straight forward to maintain
if you can understand a statefull firewall rule you
should be fully capable of learning snort rules. Snort
is very flexable, i have one snort box handling a 50
server network with a 20,000 user base accessing the
data and the snort box keeps up just fine (red hat 7.3
pentium ~1.ghz 512mb ram)

IMHO the snort w/ red hat 7.3 guide on snort.org is a
fine setup guide to follow. There are other guides for
other os's if red  hat isn't your deal.

--- Kurt Kessler <kessler2k@yahoo.com> wrote:
> Someone mentioned looking for something like this a
> day or two ago. I am thinking about trying it out
> myself, but havent as of yet. Do any of the kung fu
> masters have any input on this? sound good or a
> waste
> of time?
> 
>
http://216.239.39.100/search?q=cache:IPs9T1DdqMsC:www.sans.org/rr/intrusion/practical_guide.php+how+
to+linux+ids+red+hat&hl=en&ie=UTF-8
> 
> (the google cached page loads faster, trust me)
> 
> Kurt
> 
> __________________________________________________
> Do you Yahoo!?
> The New Yahoo! Search - Faster. Easier. Bingo
> http://search.yahoo.com
> 
> 
> majordomo@kclug.org
> Enter without the quotes in body of message

__________________________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo
http://search.yahoo.com