In a nutshell, the simplest way to define an IDS might be to describe it as a specialized tool that knows how to read and interpret the contents of log files from routers, firewalls, servers, and other network devices.
Today, two types of IDS are available on the market. One analyzes each incoming packet to determine whether it matches specific attack signatures, while the other is based on the specific behavior of networks and users.
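The two approaches side by side, as an added example that is not part of the original article: a constructed one-hour log window is checked once against signature patterns and once against a per-user request-count baseline. The log format, the signatures, the baseline counts and the threshold (mean plus three standard deviations, with the deviation floored at 1) are all assumptions made for illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed signature set (assumption, not taken from any real rule feed).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-union": re.compile(r"union\s+select", re.IGNORECASE),
}

# Constructed baseline: requests per hour each user made on previous days.
BASELINE = {"alice": [4, 5, 3, 4, 4], "bob": [2, 1, 2, 2, 3]}

# Constructed one-hour log window, format: "<user> <request path>".
LOG_WINDOW = (
    ["alice /index.html"] * 4
    + ["alice /download?file=../../etc/passwd"]
    + [f"bob /reports/q{i}.pdf" for i in range(1, 13)]
)

def parse(line):
    user, _, request = line.partition(" ")
    return user, request

def signature_alerts(lines):
    """Signature-based: flag each line whose request matches a known pattern."""
    alerts = []
    for line in lines:
        user, request = parse(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(request):
                alerts.append((user, name))
    return alerts

def behavior_alerts(lines, baseline, k=3.0):
    """Behavior-based: flag users whose request count exceeds mean + k*stddev."""
    counts = Counter(parse(line)[0] for line in lines)
    alerts = []
    for user, count in sorted(counts.items()):
        history = baseline.get(user)
        if not history:
            alerts.append((user, "no-baseline"))
        # Floor the deviation at 1 so a very flat history does not alert on +1.
        elif count > mean(history) + k * max(pstdev(history), 1.0):
            alerts.append((user, "volume-anomaly"))
    return alerts

if __name__ == "__main__":
    print(signature_alerts(LOG_WINDOW), behavior_alerts(LOG_WINDOW, BASELINE))
```

Each detector catches what the other misses here: alice's single request matches a signature but her volume is normal, while bob's requests match no signature but far exceed his usual rate.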
Many managers and network administrators believe that because they have a firewall constructed by security experts, they are protected from unwarranted attacks and can sleep well at night. Nothing could be further from the truth!