Snort mailing list archives

Re: Best Enterprise Snort Configuration


From: Joerg Weber <j.weber () infos de>
Date: Wed, 12 Feb 2003 17:50:01 +0100

Hello,

tfandango <tfandango () yahoo com> wrote:
> So what snort-related tools do you guys like the best?
>  I will probably try to use mySQL to start off with
> and log to a central database somewhere.  But what

That's the setup I'm running here: MySQL as a central logging facility, the snort sensors pushing data via VPN. Works
just fine, as far as I can tell.

> tools are available to remotely manage the snort
> application,

SnortCenter is a nice solution for managing different sensors. It's written in PHP, so you can fiddle with things in
case you dislike them. Look at http://users.pandora.be/larc/ for details.

> display the all sensor alerts in near
> realtime on some central console (I assume this will
> be something that polls the database), etc, etc.

For this, I'm currently happy with ACID, located at http://www.cert.org/kb/acid/ ACID itself can poll a database and
can therefore be on a different system than the DB itself. I've to admit though that ACID lacks some features in the
day-to-day usage where managing shown data is concerned.

Hope that helps a bit,

Joerg

-- 
----------------------------------
Joerg Weber
Network Security
InfoServe GmbH
Nell-Breuning-Allee 6
66115 Saarbruecken
T: 0681 - 88008 - 0
F: 0681 - 88008 - 33

