Mikrotik IPS IDS
Snort already provides both subscription and free services for attack-signature updates, along with mechanisms for attack detection and alerting.
Because a tap on the main Internet line is not an ideal solution in some cases, such as redundant routers connected with VRRP, it is useful to have a solution based only on the Mikrotik sniffing stream.
To install the Snort IDS, you need a computer running Linux. Download and install Snort following the OS-specific manual, or compile it from source if there is no binary for your OS (see the Snort Installation Procedures). After full installation, follow the configuration parameters to set up Snort. Subscribe on the Snort site to get the latest Regular User rules with attack signatures, and set them up as described in the manual.
To set up the Mikrotik, you need to install the Calea package and open the Sniffing Tool. Set the sniffer to listen on all interfaces, and uncheck the Only Headers box. Open the Streaming tab, enter the IP address of the Linux server, check Streaming Enabled, and uncheck Filter Stream. Start sniffing.
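Before pointing an IDS at the stream, it helps to confirm on the Linux server that mirrored frames are arriving intact. The sketch below is an added example, not part of the original page or of any Mikrotik or Snort tooling. It assumes (the page does not say so) that RouterOS sends the stream as TZSP over UDP port 37008; the function names and the `router_ip` parameter are hypothetical.

```python
import socket
import struct

TZSP_PORT = 37008  # assumption: RouterOS streams TZSP to this UDP port
TAG_PADDING, TAG_END, PROTO_ETHERNET = 0x00, 0x01, 1

class TZSPError(ValueError):
    """Datagram is not a well-formed TZSP-wrapped Ethernet frame."""

def decapsulate(datagram: bytes) -> bytes:
    """Strip the TZSP header and tag list, returning the mirrored frame."""
    if len(datagram) < 4:
        raise TZSPError("shorter than the 4-byte TZSP header")
    version, _ptype, proto = struct.unpack("!BBH", datagram[:4])
    if version != 1 or proto != PROTO_ETHERNET:
        raise TZSPError(f"unsupported version/protocol {version}/{proto}")
    pos = 4
    while pos < len(datagram):
        tag, pos = datagram[pos], pos + 1
        if tag == TAG_END:
            return datagram[pos:]
        if tag != TAG_PADDING:          # every other tag carries a length byte
            pos += 1 + (datagram[pos] if pos < len(datagram) else 0)
    raise TZSPError("tag list not terminated by an END tag")

def summarize(frame: bytes) -> dict:
    """Decode enough of an Ethernet/IPv4 frame to confirm the stream is sane."""
    if len(frame) < 14:
        raise TZSPError("truncated Ethernet header")
    info = {"ethertype": struct.unpack("!H", frame[12:14])[0], "length": len(frame)}
    if info["ethertype"] == 0x0800 and len(frame) >= 34:
        info.update(proto=frame[23], src=socket.inet_ntoa(frame[26:30]),
                    dst=socket.inet_ntoa(frame[30:34]))
    return info

def listen(router_ip: str, bind_addr: str = "0.0.0.0") -> None:
    """Print one summary per frame; the stream is unauthenticated, so pin the sender."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_addr, TZSP_PORT))
        while True:
            data, peer = s.recvfrom(65535)
            if peer[0] == router_ip:
                try:
                    print(summarize(decapsulate(data)))
                except TZSPError as exc:
                    print("dropped:", exc)

# Constructed sample: TZSP header, one tagged field, padding, END, then a frame.
SAMPLE_FRAME = bytes(12) + bytes.fromhex("0800450000140000000040060000c0000201c6336407")
SAMPLE_DATAGRAM = b"\x01\x00\x00\x01" + b"\x29\x02\x00\x22" + b"\x00\x01" + SAMPLE_FRAME
```

Calling `listen()` with the router's address on the Linux server prints one summary per mirrored frame; if nothing appears, check that Streaming Enabled is set and that UDP to the server is not filtered on the way.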