Snort mailing list archives

Why are there no open source GUIs for managing multiple Snort sensors?

From: "Ron Shuck" <rshuck () Buchanan com>
Date: Thu, 26 Sep 2002 07:11:50 -0500

Hey Carl,

I am working on a project with a client using Snort and ACID. I am
working on adding some of the functionality of, say, ISS to the Snort
console. So far I have a sensor status or heartbeat function, the
ability to read portscan logs (still working on consolidating them from
multiple sensors), the ability to update rules and conf files, and the
ability to start, stop and reboot sensors. I am still working on the
ability to update OS software (RPMs, etc.).

This deployment had to happen pretty quickly, so it's not quite the way I
would want it, but we should be able to utilize some of the code. Our
plan was to release the changes to the dev group as soon as the client
is productional and we have removed any direct references to the client
from the code.

The only remaining issue we had was fault tolerance. The fix was to use
barnyard with a waldo file. However, barnyard does not currently appear
to capture payload data. So, recovery from a loss of communication
between sensor and database server is a grueling, manual process to get
missed events into the database.

Ron Shuck, CISSP - Managing Consultant
Buchanan Associates - A Technology Company in the People Business
http://www.buchanan.com
http://www.isc2.org
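The message mentions that consolidating portscan logs from several sensors is still unfinished. The following is an added example of one way to do that, not code from Ron's project or from Snort. It assumes a line format modelled on the classic Snort spp_portscan log ("Sep 26 07:11:50 src:port -> dst:port PROTO FLAGS"); the sensor names, log lines and the year used for timestamps are constructed for the example, so check the regex against your own sensors' output before relying on it. Events that two sensors both saw are merged into one record tagged with every sensor that reported it, which is what lets a console show one scan instead of one copy per sensor.

```python
import re
from datetime import datetime

# Assumed line format (constructed for this example, modelled on the old
# Snort spp_portscan log; adjust the pattern to your sensor's real output):
#   "Sep 26 07:11:50 192.168.1.5:1234 -> 10.0.0.1:22 SYN ******S*"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<proto>\S+)(?: (?P<flags>\S+))?$"
)


def parse_line(line, year=2002):
    """Parse one portscan log line; return None for lines that do not match.

    The portscan log carries no year, so the caller supplies one (assumption).
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {
        "time": ts,
        "src": m["src"],
        "sport": int(m["sport"]),
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "proto": m["proto"],
        "flags": m["flags"] or "",
    }


def consolidate(logs_by_sensor, year=2002):
    """Merge per-sensor portscan logs into one time-ordered event list.

    logs_by_sensor maps a sensor name to its raw log lines. Identical events
    reported by more than one sensor collapse into a single record whose
    "sensors" field lists every sensor that saw it. Unparseable lines are
    skipped rather than aborting the whole consolidation.
    """
    merged = {}
    for sensor, lines in logs_by_sensor.items():
        for line in lines:
            ev = parse_line(line, year)
            if ev is None:
                continue
            key = (ev["time"], ev["src"], ev["sport"], ev["dst"],
                   ev["dport"], ev["proto"], ev["flags"])
            entry = merged.setdefault(key, {**ev, "sensors": set()})
            entry["sensors"].add(sensor)
    events = sorted(merged.values(), key=lambda e: e["time"])
    for e in events:
        e["sensors"] = sorted(e["sensors"])  # stable, display-friendly form
    return events


def summarize_by_source(events):
    """Count distinct (destination, port) pairs probed per source address."""
    targets = {}
    for e in events:
        targets.setdefault(e["src"], set()).add((e["dst"], e["dport"]))
    return {src: len(t) for src, t in targets.items()}


# Constructed sample logs from two hypothetical sensors; the event from
# 192.168.1.5:1234 to 10.0.0.1:22 is deliberately present in both.
SENSOR_LOGS = {
    "sensor-a": [
        "Sep 26 07:11:50 192.168.1.5:1234 -> 10.0.0.1:22 SYN ******S*",
        "Sep 26 07:11:50 192.168.1.5:1235 -> 10.0.0.1:23 SYN ******S*",
        "Sep 26 07:11:51 192.168.1.5:1236 -> 10.0.0.1:80 SYN ******S*",
        "this line is not a portscan record",
    ],
    "sensor-b": [
        "Sep 26 07:11:49 172.16.0.9:4000 -> 10.0.0.2:443 SYN ******S*",
        "Sep 26 07:11:50 192.168.1.5:1234 -> 10.0.0.1:22 SYN ******S*",
    ],
}

if __name__ == "__main__":
    for ev in consolidate(SENSOR_LOGS):
        print(ev["time"], ev["src"], "->", f"{ev['dst']}:{ev['dport']}",
              ev["proto"], ev["flags"], "seen by", ",".join(ev["sensors"]))
    print(summarize_by_source(consolidate(SENSOR_LOGS)))
```

The merge key includes the timestamp, so two sensors that see the same packet but have clocks a second apart will produce two records; keeping sensor clocks in sync (NTP) matters as much to the console as the parsing does.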
