Snort mailing list archives
Re: Snort preprocessor perfmonitor
From: Salahudin Wan Khairuzzaman <salahudin () cybersecurity my>
Date: Thu, 09 Dec 2010 11:14:51 +0800
Once submitted to snorby, it will be processed and inserted new sid (sensor id). In this case, Snort that comes with snorby spsa is set as sid 1, so any new sensors that come in will be named as sid 2,3,4 and so forth.

mysql on snorby must be set to accept connection from remote host + users/IP.

Some useful mysql commands:

    mysql> select * from sensor;  -- print out how many sensors
    mysql> select * from event order by sid desc limit 10;  -- print out events logged

Using mailing list can help u to get started, but u need to refer to the documentations and forums/how-tos. :)

p/s: actually u can also check this from the snorby frontend (via web).

cheers,
salahudin

On 12/9/10 10:22 AM, Andres Carrera Rivera wrote:

ok I'll change my snort conf. but the snorby server ? don't know the exactly direction, and how can I check after logging some alerts

On 12/8/2010 9:05 PM, Salahudin Wan Khairuzzaman wrote:

Yes absolutely.
- From your Snort configuration, set output log to MySQL server (mysql at snorby server). E.g.:

    output database: log, mysql, user=root password=toor dbname=snorbydb host=192.168.1.1

You can disable snort installed within snorby spsa installation.

cheers,
salahudin

On 12/2/10 11:54 AM, Andres Carrera Rivera wrote:

ok I'm downloading the ISO. But I have already installed snort on my machine (ubuntu), isn't there a possibility to configured snorby, but with my snort IDS.

On 12/1/2010 10:45 PM, Salahudin Wan Khairuzzaman wrote:

Yes, u can try the pre-installed one.. less hectic :)
http://bailey.st/blog/snorby-spsa/

cheers,
salahudin

On 12/2/10 11:11 AM, Andres Carrera Rivera wrote:

I haven't heard about it.. I'll check it. but it graph at real time.... ?

On 12/1/2010 10:05 PM, Salahudin Wan Khairuzzaman wrote:

have u try snorby? just submit the mysql output to snorby server to process that..

cheers,
salahudin

On 12/2/10 10:36 AM, Andres Carrera Rivera wrote:

I read that I can draw graph using the perform monitor with the snortstats file. but how? Is there a perl file called perfstats that work and create real time statistics graph any steps to do that..? or is there other thing I can use to draw graph with snort. I want real time traffic graph. to compare with others traffic graph..

Thanks a lot!!
--
Salahudin Bin Wan Khairuzzaman
Malaysia Computer Emergency Response Team (MyCERT)
CyberSecurity Malaysia (An Agency Under MOSTI)
Level 7, SAPURA@MINES, The MINES Resort City
43300 Seri Kembangan, Selangor Malaysia
Main Line : +603 89926888 or 1-300-88-2999
Direct Line : +603 89926919
Fax : +603 89453442
Website : http://www.cybersecurity.org.my
Website : http://www.mycert.org.my

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
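
Added example (not part of the original message or of the Snort/Snorby projects): the remote-access setup and the "check after logging" step from the thread, done with a dedicated per-sensor MySQL account instead of root. The account name snort_sensor, the sensor address 192.0.2.10 and the password placeholder are assumptions; snorbydb and 192.168.1.1 come from the thread, and the column names assume the stock Snort database schema.

```sql
-- Run on the Snorby MySQL server (192.168.1.1 in the thread).
-- Assumed, constructed values: account 'snort_sensor', sensor IP 192.0.2.10,
-- and the password placeholder. 'snorbydb' is the dbname from the thread.

-- 1. Dedicated account that may connect only from the sensor's address,
--    rather than opening root to the network.
CREATE USER 'snort_sensor'@'192.0.2.10'
  IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_SECRET';

-- 2. Privileges the database output plugin is assumed to need: read, insert
--    and update rows in the alert schema only. No DROP/ALTER/GRANT OPTION and
--    no access to other databases. Adjust if your install needs more.
GRANT SELECT, INSERT, UPDATE ON snorbydb.* TO 'snort_sensor'@'192.0.2.10';

-- 3. Audit what remote access now exists: accounts usable from any host ('%')
--    or with an empty host entry deserve a second look.
SELECT user, host FROM mysql.user
WHERE host IN ('%', '')
ORDER BY user;

-- 4. Confirm the new account holds only the grants from step 2.
SHOW GRANTS FOR 'snort_sensor'@'192.0.2.10';

-- Matching snort.conf line on the sensor (same form as in the thread, with the
-- assumed account in place of root):
--   output database: log, mysql, user=snort_sensor password=... dbname=snorbydb host=192.168.1.1

-- 5. After some alerts have been logged: one row per registered sensor with
--    its event count and newest event time. A new sensor should appear with
--    sid 2, 3, ... and a non-zero count; a zero count means it registered but
--    nothing has been written yet.
SELECT s.sid,
       s.hostname,
       s.interface,
       COUNT(e.cid)     AS events,
       MAX(e.timestamp) AS last_event
FROM snorbydb.sensor AS s
LEFT JOIN snorbydb.event AS e ON e.sid = s.sid
GROUP BY s.sid, s.hostname, s.interface
ORDER BY s.sid;
```

MySQL must also listen on an interface the sensor can reach (the bind-address setting in my.cnf); a host firewall rule limiting port 3306 to the sensor addresses keeps that exposure narrow.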
Current thread:
- Snort preprocessor perfmonitor Andres Carrera Rivera (Dec 01)
- Re: Snort preprocessor perfmonitor Salahudin Wan Khairuzzaman (Dec 01)
- Re: Snort preprocessor perfmonitor Andres Carrera Rivera (Dec 01)
- Re: Snort preprocessor perfmonitor Salahudin Wan Khairuzzaman (Dec 01)
- Re: Snort preprocessor perfmonitor Andres Carrera Rivera (Dec 01)
- Re: Snort preprocessor perfmonitor Salahudin Wan Khairuzzaman (Dec 08)
- Re: Snort preprocessor perfmonitor Andres Carrera Rivera (Dec 08)
- Re: Snort preprocessor perfmonitor Salahudin Wan Khairuzzaman (Dec 08)
- Re: Snort preprocessor perfmonitor Andres Carrera Rivera (Dec 01)
- Re: Snort preprocessor perfmonitor Salahudin Wan Khairuzzaman (Dec 01)