Chapter 2. Logging, Alerts, and Output Plug-ins

Introduction

All the time, money, and effort invested into an IDS can quickly become meaningless if you’re not looking at the logs and monitoring the alerts. If you’re administering a fairly large network, this could take significant time and resources. Even if you’re administering a small home network, looking at logs can still be a tedious task! Fortunately, Snort and many of its add-on products include numerous ways to make logging and alerting easier and more efficient. You can configure Snort to use a variety of output plug-ins, allowing you to log data as ASCII text files, binary files, databases, and more. Add-on products such as Swatch and Barnyard analyze the logs and alerts in easy-to-use formats. This chapter introduces you to the many options for viewing log and alert data, so there is no reason to let your IDS go a day unnoticed!

Remember to consider security when transmitting log data via methods such as syslog, email, and pager notifications. Your logging methods should comply with your company’s overall security policy. The event data that is logged and transmitted should be considered confidential, and possibly encrypted in transit and/or in storage.

2.1. Logging to a File Quickly

Problem

You want to increase the speed of logging your output to a file.

Solution

Edit the /etc/snort.conf file to use unified logging:

output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
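To show what the unified plug-ins buy you, here is an added Python example (not from the book and not Snort's own code) that packs and reads classic unified alert records as fixed-size binary structs, which is why the sensor can write them without any text formatting. The record layout, the magic value, the little-endian byte order and the 32-bit timeval fields are assumptions taken from Snort 2.x unified.h, and the sample file is constructed inline.

```python
import socket
import struct

# Layout assumed from Snort 2.x unified.h (classic unified, not unified2); real
# files use the sensor's native byte order and timeval size, fixed here to LE/32-bit.
ALERT_MAGIC = 0xDEAD4137
FILE_HEADER = struct.Struct("<IIII")      # magic, version_major, version_minor, timezone
ALERT_RECORD = struct.Struct("<13IHHII")  # Event, ts, sip, dip, sp, dp, protocol, flags
FIELDS = ("sig_generator", "sig_id", "sig_rev", "classification", "priority",
          "event_id", "event_reference", "ref_sec", "ref_usec", "ts_sec",
          "ts_usec", "sip", "dip", "sp", "dp", "protocol", "flags")

def ip_to_u32(addr):
    # Addresses are stored as the raw 32-bit value taken from the IP header.
    return struct.unpack("<I", socket.inet_aton(addr))[0]

def pack_alert(**fields):
    # One fixed-size binary record: plain integers, no string formatting on the hot path.
    return ALERT_RECORD.pack(*[fields.get(f, 0) for f in FIELDS])

def parse_unified_alerts(data):
    # Check the header, then step through fixed-size records purely by offset.
    magic = FILE_HEADER.unpack_from(data, 0)[0]
    if magic != ALERT_MAGIC:
        raise ValueError("not a unified alert file: magic 0x%08X" % magic)
    events, offset = [], FILE_HEADER.size
    while offset + ALERT_RECORD.size <= len(data):
        rec = dict(zip(FIELDS, ALERT_RECORD.unpack_from(data, offset)))
        for key in ("sip", "dip"):
            rec[key] = socket.inet_ntoa(struct.pack("<I", rec[key]))
        events.append(rec)
        offset += ALERT_RECORD.size
    if offset != len(data):
        # Partial record at the tail (sensor mid-write or crashed): flag it, don't mis-read.
        raise ValueError("truncated record, %d trailing bytes" % (len(data) - offset))
    return events

def sample_file():
    # Constructed sample: file header plus two alert records (not real captures).
    header = FILE_HEADER.pack(ALERT_MAGIC, 1, 81, 0)
    rec1 = pack_alert(sig_generator=1, sig_id=1000001, sig_rev=1, priority=2, event_id=1,
                      ts_sec=1100000000, ts_usec=250, protocol=6, sp=40000, dp=22,
                      sip=ip_to_u32("192.168.1.10"), dip=ip_to_u32("10.0.0.5"))
    rec2 = pack_alert(sig_generator=1, sig_id=1000002, sig_rev=1, priority=1, event_id=2,
                      ts_sec=1100000001, protocol=17, sp=40001, dp=53,
                      sip=ip_to_u32("192.168.1.11"), dip=ip_to_u32("10.0.0.5"))
    return header + rec1 + rec2
```

The reader side is the part a tool such as Barnyard performs offline, so the sensor itself only ever appends 64-byte records.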

Discussion ...
