AW: Snort Monitoring output Question

[Heyde Fritjof <fritjof.heyde () ivm-solve-it com>]

Sure,

log the data to, for example an Mysql database, on the localhost, or on a
trusted mashine in the intranet.
then run a httpd on that mashine (within the intranet) with, for example
Acid as GUI.

Or you start a simple webserver on a win mashine in the intranet (like LWS
or something) and use your samba to read the logged data from the server.
(Of course the samba directory(snort logfiles) is only accessable from that
mashine)
And then download some loggfile parser and run it over the logs.

hope i could give you an idea!

Bydlo

-----Ursprüngliche Nachricht-----
Von: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]Im Auftrag von cdowns
Gesendet am: Montag, 25. Februar 2002 14:57
An: snort-users () lists sourceforge net
Betreff: [Snort-users] Snort Monitoring output Question

Good Morning all,
    We It has come time that management would like to see Live Logs and
Network Activity. I have been running Snort for sometime on all gateways
to our network with SSH2 RSA access. What my big question is what is the
best way to let them see these logs LIVE with an HTML interface without
Running HTTPD on the localhost ? IS there a way to move this data to a
trusted location ? without losing the sense of IDS (Secrecy).

Thanks in Advance.

~!>D

--
---------------------------------
  Network Security Administrator
      Skillsoft Corporation
    http://www.skillsoft.com
      cdowns () skillsoft com
 "You can't point and click your
   way to super cracker status"
---------------------------------



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users