Snort mailing list archives

Re: snort web interface

From: "Lay, James" <james.lay () wincofoods com>
Date: Wed, 24 Aug 2011 09:46:47 -0600

-----Original Message-----
From: Paul Halliday [mailto:paul.halliday () gmail com]
Sent: Wednesday, August 24, 2011 9:39 AM
To: Joel Esler
Cc: Snort Users; Randal T. Rioux
Subject: Re: [Snort-users] snort web interface

On Wed, Aug 24, 2011 at 11:42 AM, Joel Esler <jesler () sourcefire com>

wrote:

Responding to my own email:

If anyone wants to take this task on (side by side comparison of GUI

tools), we'll put it up on Snort.org and I'll give you free stuff!


I nice complement to this would be a survey for the community:

What would you like your interface to do? (in general, open ended

questions)

Features, Reports, Niceties, etc. expand on this of course.

While feature requests are great, the requests always tend to be

somewhat

contrived because they are in within the context of a specific project
and/or developers personal goals.

What do people want?

Using the 'delete events' as an example. This would have never

occurred to

me. I have over 300,000,000 events for the past 2 years and I would

hate to

lose any of that data. It is so rare that I need to delete an event

from the

db that I don't mind striking it from the CLI.

I have been trying to put a survey together but just haven't had the

spare

cycles, I think the results from a survey like this data would

contribute

greatly to all projects out there.


--
Paul Halliday
http://www.squertproject.org/


Good point Paul.  Something to consider is the target audience...for me,
tailing the fast file and tsharking the pcap file is great for realtime
incidents, and snortalog worked ok for trending.  But that's
me....Executives clearly wanted something much more pretty...which is
why I started down the road of a GUI in the first place.

James

------------------------------------------------------------------------------
EMC VNX: the world's simplest storage, starting under $10K
The only unified storage solution that offers unified management 
Up to 160% more powerful than alternatives and 25% more efficient. 
Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Re: snort web interface, (continued)
- - - Re: snort web interface Jefferson, Shawn (Aug 23)
    - Re: snort web interface Dustin Webber (Aug 23)
    - Re: snort web interface Jefferson, Shawn (Aug 23)
    - Re: snort web interface Randal T. Rioux (Aug 23)
    - Re: snort web interface Dustin Webber (Aug 24)
    - Re: snort web interface Joel Esler (Aug 24)
    - Re: snort web interface Joel Esler (Aug 24)
    - Re: [Spam] Re: snort web interface Lay, James (Aug 24)
    - Re: [Spam] Re: snort web interface Joel Esler (Aug 24)
    - Re: snort web interface Paul Halliday (Aug 24)
    - Re: snort web interface Lay, James (Aug 24)
    - Re: snort web interface Mike Lococo (Aug 24)
    - Re: snort web interface Jason Meller (Aug 24)
    - Re: snort web interface alexus (Aug 24)
    - Re: snort web interface Paul Halliday (Aug 25)
    - Re: snort web interface Agustin Roca (Aug 27)
    - Re: snort web interface Jason Wallace (Aug 24)
    - Re: snort web interface Paul Halliday (Aug 24)
- Re: snort web interface Richard Bejtlich (Aug 26)
- Re: snort web interface Alex Wright (Aug 23)
- Re: snort web interface Alex Wright (Aug 23)

(Thread continues...)