Network Intrusion Detection Systems

NIDS are different from log systems as they are more focused on network traffic and events. Some systems can also handle classic syslogs. NDIS systems are typically feeders for SIEM systems.

• Classic Snort: https://en.wikipedia.org/wiki/Snort_(software)
• Snort alternatives (see also snorby): https://github.com/Snorby/snorby/wiki/Snort-vs-Suricata-vs-Sagan
• Sagan vs Snort: http://www.darknet.org.uk/2010/07/sagan-real-time-system-event-log-syslog-monitoring-system/
• Sguil (squeal): https://en.wikipedia.org/wiki/Sguil

PS: often Snort is used for packet inspection while Sagan is for syslog.