Re: Snort Monitoring

[Krzysztof Przepiorka <Krzysztof.Przepiorka () pro-futuro com>]

Scott M. Algatt wrote:

> All,
>
> Thanks for the reponses!
>
> Let me start by better explaining my current setup and then list the
> different suggested packages.  I wanted to just send a blanket statement
> because I should be able to customize my setup in order to accomodate the
> package of my dreams :)
>
> Anyways, I am already running ACID.  We have about 80+ sensors running and
> they all report to our centralized ACID database using an stunnel'd
> connection.  This is the best thing since sliced bread as far as I am
> concerned.  We are able to view lots of traffic and what not.  The only
> problem is that with 80+ sensors there is no way to tell if a sensor is
> not sending me information.  I was only looking for something to
> accomplish the piece of notification of online/offline status.  After all
> of the responses my brain began to spiral out of control from the
> possibilities of all the different software out there.  There are about
> five pieces of software that were suggested.
>
> Nagios
> www.nagios.com
>
> Snortcenter
> users.pandora.be/larc
>
> Demarc PureSecure
> www.demarc.com
>
> Big Brother
> www.bb4.org
>
> StillSecure Border Guard
> www.stillsecure.com
>
>
>
> I am currently toying with snortcenter for a number of reasons, free,
> integrates with ACID, and I think it fits the bill.
>
> Again thanks to everyone!
>
> Regards,
>
> Scott M. Algatt
>
> Behold the turtle. He makes progress only when he sticks his neck out.
>
>
>
>  
If you only want to monitor if snort daemon is up /down you can always 
use a net-snmp (ucd-snmp) agent to monitor if the processes are running 
or not, if not a trap will be sent to  a management console (i.e. based 
on scotty)

Regards
KP