Moving from traditional router to IDS / IPS / UTM... suggestions?


ZeroOne

Member
Sep 13, 2013
Currently using an Edgerouter PoE. It has a decent interface and nice "traffic analysis" tab for monitoring LAN devices and their internet usage, but the firewall feature has a real lack of reporting.

I'm looking for something that shows both the WAN side of the router, to see who's knocking, along with the LAN side, to see what's come through.

The goal is to monitor both the noise of the internet at the front door, along with traffic that has come through the port forwards, to see if anything is being attempted or exploited.

It seems like quite a few people here use pfSense along with Snort. As a sucker for well-presented GUIs, I'm concerned about having a decent way to quickly visualize the results. It seems like there are a couple of options beyond pfSense / Snort (which I'd still like to try). Has anyone used AlienVault?

OSSIM: The Open Source SIEM | AlienVault

Also wanting to check out the Sophos free solution but am not fully confident there.

I'd just like to see a decent, easy to read and analyze, log of the clean and dirty sides of the router, rather than be blind.

Any suggestions or experiences are welcome and appreciated! Thanks!!

Gary Gapinski

New Member
Oct 24, 2015
If all you're interested in is log analysis, Splunk, Graylog, and ELK are all good. I have not used OSSIM but it looks nice. Security Onion is worth a look, as are the components it uses. I use Suricata on the pre-NAT (i.e., inside) interface of my edge router in IDS mode, but still need something to process the logs.
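The "something to process the logs" gap mentioned above is where a small script can already give the two views the original question asks for: what is knocking on the outside interface and what has made it through to inside hosts. The following is an added example, not code from the thread or from Suricata itself. It reads Suricata's EVE JSON log format (one JSON object per line, `event_type`, `in_iface`, `src_ip`, `dest_ip`, `alert.signature`) and splits alerts by capture interface. The interface names `eth0` (outside/WAN) and `eth1` (inside/pre-NAT) and the log records are constructed assumptions for the demo, not output from any real sensor.

```python
"""Summarise Suricata EVE JSON alerts by side (outside vs inside), source and signature.

Added example for the thread; assumes Suricata is listening on two interfaces,
eth0 (outside, WAN) and eth1 (inside, pre-NAT). Adjust OUTSIDE_IFACE to taste.
"""
import json
from collections import Counter

OUTSIDE_IFACE = "eth0"  # assumed WAN-facing capture interface

# Constructed sample EVE records for the demo (not real traffic). Field names
# follow Suricata's EVE schema; addresses are documentation ranges.
SAMPLE_EVE_LINES = [
    json.dumps({"timestamp": "2016-01-01T10:00:00.000000+0000", "event_type": "alert",
                "in_iface": "eth0", "src_ip": "198.51.100.7", "dest_ip": "203.0.113.2",
                "dest_port": 22, "proto": "TCP",
                "alert": {"signature_id": 1000001, "signature": "DEMO SSH scan", "severity": 2}}),
    json.dumps({"timestamp": "2016-01-01T10:00:05.000000+0000", "event_type": "alert",
                "in_iface": "eth0", "src_ip": "198.51.100.7", "dest_ip": "203.0.113.2",
                "dest_port": 23, "proto": "TCP",
                "alert": {"signature_id": 1000002, "signature": "DEMO telnet probe", "severity": 2}}),
    json.dumps({"timestamp": "2016-01-01T10:00:09.000000+0000", "event_type": "alert",
                "in_iface": "eth0", "src_ip": "198.51.100.9", "dest_ip": "203.0.113.2",
                "dest_port": 22, "proto": "TCP",
                "alert": {"signature_id": 1000001, "signature": "DEMO SSH scan", "severity": 2}}),
    # A non-alert event (flow record) that a summary must skip.
    json.dumps({"timestamp": "2016-01-01T10:00:10.000000+0000", "event_type": "flow",
                "in_iface": "eth0", "src_ip": "198.51.100.9", "dest_ip": "203.0.113.2"}),
    # An alert seen on the inside interface: traffic that came through a port forward.
    json.dumps({"timestamp": "2016-01-01T10:01:00.000000+0000", "event_type": "alert",
                "in_iface": "eth1", "src_ip": "198.51.100.7", "dest_ip": "192.168.1.10",
                "dest_port": 80, "proto": "TCP",
                "alert": {"signature_id": 1000003, "signature": "DEMO web exploit attempt", "severity": 1}}),
    "this line is not JSON and must be ignored",
]


def parse_alerts(lines):
    """Yield only well-formed alert events; skip blank, malformed and non-alert lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("event_type") == "alert" and "alert" in event:
            yield event


def summarize_alerts(lines, outside_iface=OUTSIDE_IFACE, top=5):
    """Return counts split by side: who is knocking outside, what reached inside hosts."""
    by_side = Counter()
    outside_sources = Counter()   # external addresses generating alerts on the WAN side
    inside_targets = Counter()    # internal hosts hit by alerts after NAT
    signatures = Counter()        # (side, signature) pairs
    for event in parse_alerts(lines):
        side = "outside" if event.get("in_iface") == outside_iface else "inside"
        by_side[side] += 1
        signatures[(side, event["alert"].get("signature", "?"))] += 1
        if side == "outside":
            outside_sources[event.get("src_ip", "?")] += 1
        else:
            inside_targets[event.get("dest_ip", "?")] += 1
    return {
        "by_side": dict(by_side),
        "outside_sources": outside_sources.most_common(top),
        "inside_targets": inside_targets.most_common(top),
        "signatures": signatures.most_common(top),
    }


def format_report(summary):
    """Render the summary as plain text, the 'easy to read' view the question asks for."""
    out = [f"alerts by side: {summary['by_side']}", "top outside sources (knocking on the WAN):"]
    out += [f"  {ip:<16} {n}" for ip, n in summary["outside_sources"]]
    out.append("inside hosts reached (through port forwards):")
    out += [f"  {ip:<16} {n}" for ip, n in summary["inside_targets"]]
    out.append("top signatures:")
    out += [f"  [{side}] {sig}: {n}" for (side, sig), n in summary["signatures"]]
    return "\n".join(out)


if __name__ == "__main__":
    # For a live sensor, replace SAMPLE_EVE_LINES with open("/var/log/suricata/eve.json").
    print(format_report(summarize_alerts(SAMPLE_EVE_LINES)))
```

Pointing it at a real `eve.json` (path depends on your Suricata config) gives a quick textual answer to both halves of the question; for dashboards, the same parsed events are what the ELK, Graylog or Splunk setups mentioned above ingest.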