Snort mailing list archives
Re: About to setup snort
From: Richard Bejtlich <taosecurity () gmail com>
Date: Thu, 20 May 2004 23:58:54 -0400
Shaun T. Erickson wrote:

> The central server would have a mysql database with an acid front-end. I've heard that acid doesn't send alerts (I could be wrong), so the plan would be to have an additional (as yet undetermined) program access the database and send out email/pager alerts as needed....
>
> One sensor will be running on FreeBSD. I see there is a port for snort, but I cannot find one for barnyard. Is there one?
>
> --

Hi Shaun,

You will probably quickly discover that ACID and other Web-based alert browsers don't give you the full content or session data you need to do real investigations. If you get frustrated with ACID, consider Sguil (sguil.sourceforge.net). When you use Sguil, you realize a Snort alert isn't the end of the story -- it's only the beginning.

You can tell Sguil to email you alert information if you so desire. Currently it does not accept alert data from sources other than Snort, so it's not a "complete solution" to your problem.

I will be releasing Sguil 0.4.0 install docs for FreeBSD within the next week. The current docs explain how to install 0.3.1, but 0.4.0 has some new features. I also plan to update the dependencies. I hope to time the doc release with Snort 2.1.3.

Concerning Barnyard on FreeBSD -- there is currently no port. However, you can get 0.2.0 to compile fine from source with MySQL 4.0.x if you follow my hint from this thread:

http://www.mcabee.org/lists/snort-users/May-04/msg00240.html

I also run full Sguil sensor and server installs on Red Hat Linux 9.0.

Good luck,

Richard
http://www.taosecurity.com