Snort mailing list archives

RE: monitoring screen


From: "Truax, Shawn (MBS)" <Shawn.Truax () mbs gov on ca>
Date: Sat, 11 Sep 2004 22:45:23 -0400

If you want to get a little fancy you can try out Scan Map 3D at
http://scanmap3d.sourceforge.net/ . It takes Snort alerts from a MySQL
database and creates a 3D visualization of it.

As for using the same machine to monitor or a separate one, that's up to
you and how your environment works.  If you have 1 or 2 sensors with low
traffic then monitoring from the sensors might be easiest.  If you have 3 or
more sensors and high traffic then a separate database/monitoring server is
best.  If this is just for testing/learning then by all means do it all on
one machine.

You might also want to check out SnortCenter
http://users.pandora.be/larc/index.html for managing your sensors.

Shawn Truax
Sr. Security Specialist
Corporate Security
155 University Ave.
Toronto, Ontario
M5H 3B7
(416)327-1107


-----Original Message-----
From: Jose Maria Lopez [mailto:jkerouac () bgsec com]
Sent: September 11, 2004 12:13 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] monitoring screen


On Sat, 11 Sep 2004 at 07:59, Fahad Al-Suwais wrote:
Dear…

I would ask how to monitor the events that the sensor logs.

Is there different software which should be installed on another
machine (console) to see the events, or should it be monitored on the
same sensor machine?

You can use an ACID console for this work, using a Snort sensor logging
to a database. It will update almost in real time.

-- 
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"


