[Snort-users] Is snort an over kill just for apache?

Matt Kettler mkettler at ...4108...
Wed Aug 24 09:08:32 EDT 2005

Pigeon wrote:
> I have a server that just does sshd and apache + apache SSL.
> Apache mainly serves files.
> I was wondering if there will be any major benefit in using snort over just
> sifting through the logs with a script and cron.

Sifting the logs won't tell you if someone sent a malformed packet to SSHD,
attempting to exploit it.

Ideally you want to do both. The logs will tell you all the things that apache
and sshd believe they legitamately granted access to. Logs will also tell you
about most legitamate requests which were denied.

Logs won't tell you about all portscans, malformed packets, etc. That's where
snort can help.

More information about the Snort-users mailing list