Menu
What's new
By:
Filters Better Search

psad as an intrusion detection system for Merlin?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

M

Marko Polo

Senior Member
Recently I've known about such util as psad which serves for analyzing iptables logs and detection/prevention of intrusions and suspicious activity in realtime. Is it worth it to install it locally on router as an security solution and have anybody ever had such experience? Just out of curiosity.
Psad reports and visualization seems decent for me and it is a long-proven reputed solution. Fail2ban is good too, but it seems to me they have different application areas and can complement each other.
 
Marko Polo said:
Recently I've known about such util as psad which serves for analyzing iptables logs and detection/prevention of intrusions and suspicious activity in realtime. Is it worth it to install it locally on router as an security solution and have anybody ever had such experience? Just out of curiosity.
Psad reports and visualization seems decent for me and it is a long-proven reputed solution. Fail2ban is good too, but it seems to me they have different application areas and can complement each other.
Click to expand...
No experience with psad but I'm currently looking into three different options (still researching to see which is best for IDS/IPS and my needs)

Option 1 - Home Monitoring w/ Splunk (Asus router)

Option 2 - BriarIDS, runs on a Raspberry Pi

Option 3 - Incorporate both depending on the lag time from the load

Hope this helps
 
Vexira said:
Have you looked at snort ips?
Click to expand...
Originally I was looking into BriarIDS since it's able to run on a RP3 but there arent any alert settings for email or phone. My end game is to get the hardware needed to setup Security Onion but until then I'm just looking for something simple with alerts via email or text. Until I gain some more networking knowledge anyways.

I've heard of Snort but haven't looked into it much. I'll give it a more in depth look to see if it fits my needs, thanks!
 
You must log in or register to reply here.

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 746 (members: 29, guests: 717)
Top