# IDS - need a fast basic setup - looking for options

## njcwotx

Hi, I have a requirement to install an IDS at work.  We are currently looking at purchasing some solution, but this takes time to weed out what we want and most are very expensive.  However, we are under the gun to "get something installed".

I was asked if I could whip up an open source IDS with Snort or equivalent product and have a way of generating reports as a stopgap.  I installed Snort long ago and it actually worked.  I remember it was fairly chatty and was information overload.  I did not get to the point I had a front end to it.  So that is a must, I need a manager to be able to look at it and see alerts and get a report.

I could use some suggestions on rigging up a listener and a front end to generate some reports and sift through alerts.

Right now, Snort and barnyard is my first thought, but I don't have a lot of experience with different choices.

----------

## massimo

Putting Snort's logs in Splunk, ELK or Zenoss might help you generate reports. Alerts can be triggered in Splunk or Zenoss. If you want to spend some extra effort on event correlation you can take a look at SEC. Correlated events can then in turn be forwarded to, e.g., Zenoss again, although Zenoss itself is capable of correlating events (to some extent).

Another interesting project on that front (IDS) with a slightly different approach is BRO.

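For the stopgap the original poster describes, the simplest reporting front end is a script that reads Snort's `alert_fast` output and summarises it by signature, source address and priority. The following is an added example written for this thread, not code from Snort, Barnyard or any of the posters. It assumes the classic one-line `alert_fast` format and IPv4 addresses; the sample alert lines, SIDs (local-rule range) and addresses are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# One alert_fast line, e.g.
#   03/04-09:15:02.113344  [**] [1:1000001:1] msg [**] [Classification: x] [Priority: 1] {TCP} 10.0.0.5:51514 -> 192.168.1.10:22
# Classification and ports are optional (ICMP alerts carry no ports).
# Assumption: IPv4 only; IPv6 addresses contain ':' and would need another pattern.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    sid: int
    msg: str
    classification: Optional[str]
    priority: int
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_fast_alert(line: str) -> Optional[Alert]:
    """Parse one alert_fast line; return None for lines that do not match."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    return Alert(
        ts=m["ts"], sid=int(m["sid"]), msg=m["msg"], classification=m["cls"],
        priority=int(m["prio"]), proto=m["proto"],
        src=m["src"], sport=int(m["sport"]) if m["sport"] else None,
        dst=m["dst"], dport=int(m["dport"]) if m["dport"] else None,
    )


def summarize(lines):
    """Count alerts by signature, source and priority; track unparsed lines."""
    alerts, skipped = [], 0
    for line in lines:
        if not line.strip():
            continue
        a = parse_fast_alert(line)
        if a is None:
            skipped += 1  # keep a count so a format change is noticed, not hidden
            continue
        alerts.append(a)
    return {
        "total": len(alerts),
        "skipped": skipped,
        "by_signature": Counter((a.sid, a.msg) for a in alerts),
        "by_source": Counter(a.src for a in alerts),
        "by_priority": Counter(a.priority for a in alerts),
        "high_priority": [a for a in alerts if a.priority == 1],
    }


def render_report(summary, top=5) -> str:
    """Plain-text report a manager can read without opening Snort's own logs."""
    out = [f"Alerts parsed: {summary['total']}  (unparsed lines: {summary['skipped']})", "Top signatures:"]
    for (sid, msg), n in summary["by_signature"].most_common(top):
        out.append(f"  {n:>5}  sid {sid}  {msg}")
    out.append("Top source addresses:")
    for src, n in summary["by_source"].most_common(top):
        out.append(f"  {n:>5}  {src}")
    out.append("By priority (1 = highest):")
    for prio in sorted(summary["by_priority"]):
        out.append(f"  priority {prio}: {summary['by_priority'][prio]}")
    if summary["high_priority"]:
        out.append("Priority-1 alerts needing review:")
        for a in summary["high_priority"]:
            port = f":{a.dport}" if a.dport is not None else ""
            out.append(f"  {a.ts}  {a.src} -> {a.dst}{port}  {a.msg}")
    return "\n".join(out)


# Constructed sample alert_fast output (local SIDs, RFC 1918 addresses); the last line is deliberately malformed.
SAMPLE_ALERTS = """\
03/04-09:15:02.113344  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.5:51514 -> 192.168.1.10:22
03/04-09:15:03.220011  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.5:51515 -> 192.168.1.10:22
03/04-09:16:40.000102  [**] [1:1000002:2] LOCAL ICMP sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.7 -> 192.168.1.1
03/04-09:17:11.500000  [**] [1:1000003:1] LOCAL DNS query to suspicious domain [**] [Priority: 2] {UDP} 192.168.1.33:53055 -> 192.168.1.1:53
this line is not an alert and is counted as unparsed
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # e.g. python report.py /var/log/snort/alert
        with open(sys.argv[1]) as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_ALERTS.splitlines()
    print(render_report(summarize(lines)))
```

Run it against the alert file Snort writes with `-A fast` (path depends on your snort.conf) and pipe the output to cron mail for the daily report; the "unparsed lines" counter is there so that a rule or output-format change shows up as a number rather than as silently missing alerts.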
----------

## dewke

*massimo wrote:*

> Putting Snort's logs in Splunk, ELK or Zenoss might help you generate reports. Alerts can be triggered in Splunk or Zenoss. If you want to spend some extra effort on event correlation you can take a look at SEC. Correlated events can then in turn be forwarded to, e.g., Zenoss again, although Zenoss itself is capable of correlating events (to some extent).
> 
> Another interesting project on that front (IDS) with a slightly different approach is BRO.


I deployed Splunk at my last job.  It's a great product if you have the budget for it.

----------