a bit of motivation to get the documentation up to speed :)
> From: Lee Sheng <momosisco(a)hotmail.com>
> To: focus-ids(a)securityfocus.com
> Subject: Re: snort tamandua or prelude ids plus bro?
> Date: Fri, 06 Aug 2004 22:46:53 +0800
> Actually i'm thinking of adding bro too, but the thing is lack of
> documentation on Bro, can you point me out where can i find useful
> whitepaper or guides on deploying Bro cause I got no time to start
> everything from scratch.
> >From: rmkml <rmkml(a)wanadoo.fr>
> >To: Lee Sheng <momosisco(a)hotmail.com>
> >Subject: Re: snort tamandua or prelude ids
> >Date: Fri, 6 Aug 2004 16:32:49 +0200 (CEST)
> >Hi Lee,
> >add bro in possible choice ?
> >On Fri, 6 Aug 2004, Lee Sheng wrote:
> >>Date: Fri, 06 Aug 2004 18:37:16 +0800
> >>From: Lee Sheng <momosisco(a)hotmail.com>
> >>To: focus-ids(a)securityfocus.com
> >>Subject: snort tamandua or prelude ids
> >>Thanks to all of you who have answered my question, it's so nice to get so
> >>many suggestions nad helps from the community.
> >>My another question is no doubt the snort is one of the best ids compare
> >>to other ids. However I really interested in the tamandua ids which
> >>implementing the boolean layer to detect the patent of the attack(less
> >>alse postive). Anyone have experiences in deploying tamandua ids and I
> >>would like to know whether tamandua ids is still active or the development
> >>of tamandua ids is already dead. If you have experience on deploying,
> >>hopefully you guys can share expericience with me. Then about the prelude
> >>IDS, prelude ids seems very complicated and I still not sure where to
> >>start. Anyone have any ideas cause now I still in the way of thinking
> >>which ids to deploy for the company. Snort, tamandua or prelude?
> >>Prelude seems more in depth on tracking what attacker try to do with HIDS
> >>as well. I've one and half years experience in snort (not in transparent
> >>mode of course). If I want to save my time, sure I will choose snort,
> >>however I would like to hear from you all. Thanks again.
when a event happpend ,how to make its event handler to call a
external command?For example , call a alarm program to alert
administrator or call a external command like iptables to respond the
Is there a function like "exec()" in C?