Snort mailing list archives
Re: Why are there no open source GUI's for managing multiple Snort sensors?
From: twig les <twigles () yahoo com>
Date: Wed, 25 Sep 2002 13:33:20 -0700 (PDT)
My problem with most GUIs, including some IDS GUIs that will remain nameless <cough cough netranger>, is that I don't know wth is going on unless I do some serious digging. So while the GUI is helpful in that I don't have to remember a bunch of commands and where conf files are, the positives are balanced by the negatives. So essentially my dream is to be able to maintain identical configurations on multiple snort sensors but still be able to control exactly what command is executing when I hit a button (i.e. right-click on the button and be able to pull up and edit the command, like in Windowmaker when you go to settings on the icon).

So aside from my whining about adding a layer of abstraction, the normal stuff would be nice... rule updates, scp/ssh/sftp, centralized reporting and alert parsing based on things like rule, IP, time etc. Allowing the user to define their own "macros" would be sweet, that way the beta testers could put out some good templates.

--- Carl Samond <dunnun () mailandnews com> wrote:
I can see graphical user interfaces to manage individual sensors and I can see GUIs to analyse alerts from a group of sensors, but why is there no tool to provide both management and analysis for multiple sensors? I'm considering pursuing this for my university project, so if such a tool exists already I'd like to know. If anyone can help me pin down my requirements I'd be most grateful. I'm interested in hearing about how people would like to use snort (particularly less experienced users). What is a drag about using snort? Would centralised management help a significant number of people?

Many thanks
Carl.
=====
Heavy metal made me do it.