I've asked this question. No, Snort will not be included. I have no idea why. It seems like more of a network security item than a DNS proxy or HTTP proxy. I've resorted to building one for myself. It would be nice if the Snort Sensor could be installed and have the database elsewhere. v4 will have a Hardening interface so that an external IDS can interface with the firewall to "harden" it in response to an attack. Or so I've been led to believe.
I know, I know. I'd really like Snort too. Mandrake SNF and MNF both have Snort AND Prelude. It would really be nice to have something like this for Snort. I just feel like ASL deserves this feature. Snort 2.0 (due soon) is supposed to be blazing fast as compared to 1.8.7.
Question... Isn't Snort the reason they put in the Hardened interface? Kinda to be well as a maintenance port/diag port on certain switches.
True, it's a pain that Snort isn't on the same box, but they probably made it this way to keep the load down on the box because of the other proxies that were put in.
Machine capability isn't a real issue. Like any other feature in ASL it uses processor power. It is the user's responsibility to make sure his/her hardware is up to the task. If someone has throughput requirements that would necessitate a P4-2.8GHz machine if they wanted to run Snort, then they probably have the resources to run a separate machine for Snort. An integrated version of Snort would be for light duty users. A few megabits/sec would be no big deal for a PIII-800. I think some folks here are using PIII-1GHz boxes.
Hi, I'm running Snort on my ASL box. I've compiled it with the pluspack, which you can get from docs.astaro.org in the hacking section. I'm using Snort 1.9.0, which connects to an Oracle 9i database on a different computer. Also, I have an ADSL connection, 512Kbps dl 128 upl, and my Astaro box is a Pentium 166MHz with 256Mbps and ASL runs like a charm!!!!
Anyway, to compile Snort standalone: install pluspack, get Snort 1.9.0 from www.snort.org, untar snort-1.9.0.tgz, do ./configure --prefix=/pluspack, make, make install, get the rules for Snort and then configure it....