Snort mailing list archives
Re: Snort Reporting and Capture
From: "larc" <larc () pandora be>
Date: Thu 23 Jan 2003 12:21:34 +0100
Hi, If go for a web based solution, you can use 'ACID' to monitor the alerts and to manage your snort configuration and rules 'SnortCenter' There is a good manual to install a all this http://www.superhac.com/snort/snort_enterprise.pdf ACID: www.cert.org/kb/acid SnortCenter: users.pandora.be/larc/ Regards, Stefan D. ------------------------ Michael <xeon () xshellr8 com> wrote: ------------------------ Hello everyone,
I'm new to snort and would like to get your valuable feedback on some of the utilities that are out there that can help me manage and view snort results as they are captured. What I'm really looking for first of all is a utility that can capture the alerts and warnings, displaying them either through a web interface and or it's own UI. I would also like to know of any utilities out may be out there that help with snort configuration, such as changes you would like to add or help with adding new rules etc., that may be available. Here is a brief description of my setup and would appreciate any feedback you all could provide that may be best for my particular case. I'm running a single FreeBSD machine with multiple IP's (total of five). From this machine I run a webserver and also IRC related programs/processes. This machine acts as it's own Gateway and firewall and would like to add snort to monitor all the traffic to and from this machine. What would you recommend as the best setup with this type of layout that would provide an easy way to constantly monitor the traffic as stated above? Any and all feedback is welcome. Thanks for your time in advance, Michael ------------------------------------------------------- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Reporting and Capture Michael (Jan 23)
- <Possible follow-ups>
- Re: Snort Reporting and Capture larc (Jan 23)