[Snort-users] Snort Tool Evaluation

M Shirk shirkdog_linux at ...125...
Wed Sep 29 05:20:56 EDT 2004

I too own the Snort 2.0 book, and I would ask Brian Caswell if there are 
plans for a 2.2 or a 2.3 book?

There are differences between 2.0 and 2.1, but not enough to get the 2.1 
book. However, I could be enticed to get the 2.3 with all of the updated 
rule options

When I had a question about newer options in Snort 2.1 I was told to:
RTFM at http://www.snort.org

I was delighted to see that the snort manual had the latest rule options.

The information at http://www.snort.org is enough to get a sensor up and 
running in no time
(and of course if you can not follow Patrick Harpers guides, then you should 
consider a new career in basket weaving).


>From: Dirk Geschke <Dirk_Geschke at ...1344...>
>To: Ty Bodell <tebodell at ...11827...>
>CC: Jo <g01j2027 at ...12488...>, snort-users at lists.sourceforge.net
>Subject: Re: [Snort-users] Snort Tool Evaluation
>Date: Tue, 28 Sep 2004 21:06:38 +0200
>Hi Ty,
> > Checkout the book "Managing Security with Snort and IDS Tools".  It's
> > an Oreilly book and it goes over a good amount of the tools designed
> > for snort.  From preprocessors to Web interfaces and Consoles, what
> > works with High Bandwidth deployments, etc.  I don't believe it covers
> > OpenAanval though.  You can extract the pro's and cons from there.
>did you read this book? I just did this and it is by far the uggliest
>book I have seen either by O'Reilly or covering snort.
>If you read the documentation which comes with snort you will get
>better informations than this book will give you.
>If you are looking for a good book then take
>Snort 2.1 Intrusion Detection, Second Edition ISBN 1-931836-04-3
>by Brian Caswell and Jay Beale
>(Ok, I didn't read this book but the first edition covering snort-2.0
>and this book was quite useful. So I expect the second edition will be 
>Best regards
>PS: There are more books on snort available but I read this two books.
>So I can't say anything to the other ones. They might be good or not but
>the O'Reilly book is definitively not useful.
>This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
>Use IT products in your business? Tell us what you think of them. Give us
>Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:

On the road to retirement? Check out MSN Life Events for advice on how to 
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement

More information about the Snort-users mailing list