OSEC

From: Allovair Entellon (allovairyahoo.com)
Date: Fri Jan 11 2002 - 12:43:12 CST


    We had hoped so as well, but appearances seemed to be
    deceiving... If it doesn't show up in a parseable log
    file, it doesn't get detected. Look here in the white
    paper:

    Data sources monitored by the IDS/9000 on the host
    include:

    1. Kernel audit data that is generated by a trusted
    component of the operating system. It includes
    analyzing system calls including parameters and
    outcomes.
    2. System log files are monitored because they
    contain data on login/logout, commands executed by
    users; reports from network service daemons and
    records of HTTP and FTP file transfers.
    3. Database server or other application server logs
    are analyzed for their data on activity. This enables
    detection of well-known attacks.

    --- mhtclark.net wrote:
    > It looked like a lot more than a fancy UI running
    > swatch underneath it. It appears that it interoperates
    > with the HP-UX a lot stronger than configuring swatch. ??
    >
    > /m
    >
    > At 08:55 AM 1/11/2002 -0800, Allovair Entellon wrote:
    > > I've looked at this in the past. Our conclusion was
    > > that calling it a Host-based intrusion detection
    > > system was unfair, given how the product operated.
    > > You could duplicate 95% of the functionality with
    > > swatch and a good config file.
    >

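The thread's point is that a log-watching product such as swatch (or, per the poster, IDS/9000) only ever alerts on events that reach a parseable log file. The following is an added illustration, not code from this thread, from swatch, or from HP's product: a minimal swatch-style monitor that applies regex rules to a syslog stream and adds one counting rule for repeated login failures. The rule names, the threshold, and the syslog lines are constructed for the example; the line formats are sshd-like rather than copied from a real HP-UX host.

```python
"""Minimal swatch-style log monitor (added example, not from the thread).

Regex rules are applied to each syslog line; a small counting rule turns
repeated failed logins from one source into a higher-severity alert.
Anything that never produces a log line (the last sample line shows
ordinary cron activity, which matches no rule) yields no alert at all.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Rule:
    name: str        # hypothetical rule name, chosen for this example
    severity: str
    pattern: re.Pattern


@dataclass(frozen=True)
class Alert:
    rule: str
    severity: str
    detail: str


# Rules approximating what a swatch config would express: one regex per line.
RULES = [
    Rule("failed_login", "medium",
         re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?"
                    r"(?P<user>\S+) from (?P<src>\S+)")),
    Rule("root_login", "high",
         re.compile(r"sshd\[\d+\]: Accepted \S+ for root from (?P<src>\S+)")),
    Rule("su_to_root", "medium",
         re.compile(r"su\[\d+\]: (?P<user>\S+) to root\b")),
]

# Number of failures from one source that escalates to a separate alert
# (constructed threshold for the example).
FAILED_LOGIN_THRESHOLD = 3

# Constructed sample syslog; hostnames, PIDs and addresses are made up.
SAMPLE_SYSLOG = """\
Jan 11 12:40:01 hpux1 sshd[4321]: Failed password for invalid user admin from 10.0.0.7 port 51022 ssh2
Jan 11 12:40:03 hpux1 sshd[4321]: Failed password for invalid user admin from 10.0.0.7 port 51023 ssh2
Jan 11 12:40:09 hpux1 sshd[4321]: Failed password for oper from 10.0.0.7 port 51024 ssh2
Jan 11 12:41:17 hpux1 sshd[4322]: Accepted publickey for root from 10.0.0.7 port 51030 ssh2
Jan 11 12:42:05 hpux1 su[4400]: oper to root on /dev/pts/2
Jan 11 12:43:12 hpux1 cron[77]: (root) CMD (/usr/sbin/backup)
"""


def scan(lines: Iterable[str]) -> List[Alert]:
    """Apply every rule to every line; escalate repeated failures per source."""
    alerts: List[Alert] = []
    failures: Counter = Counter()
    for raw in lines:
        line = raw.rstrip("\n")
        if not line:
            continue
        for rule in RULES:
            m = rule.pattern.search(line)
            if not m:
                continue
            alerts.append(Alert(rule.name, rule.severity, line))
            if rule.name == "failed_login":
                src = m.group("src")
                failures[src] += 1
                # Fire the escalation exactly once, when the threshold is reached.
                if failures[src] == FAILED_LOGIN_THRESHOLD:
                    alerts.append(Alert("repeated_failed_logins", "high",
                                        f"{failures[src]} failed logins from {src}"))
    return alerts


def alert_counts(lines: Iterable[str]) -> dict:
    """Summarise scan() output as {rule name: number of alerts}."""
    return dict(Counter(a.rule for a in scan(lines)))


if __name__ == "__main__":
    for alert in scan(SAMPLE_SYSLOG.splitlines()):
        print(f"[{alert.severity}] {alert.rule}: {alert.detail}")
```

Run against the constructed sample this produces six alerts: three failed logins, one escalation once the third failure from 10.0.0.7 arrives, one root login and one su to root. The cron line produces nothing, and so would any activity the system never logs, which is exactly the coverage limit the poster describes.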