Snort mailing list archives

Re: [Semi-OT] What other applications contribute to Snort being a complete package?


From: "Justin Heath" <justin.heath () gmail com>
Date: Wed, 22 Aug 2007 10:35:02 -0400

Snort is a complete package. However, there are some libraries that
are required to make snort useful such as pcap and pcre. Depending on
how you use Snort and what your objectives are, there are many add-ons
that add value depending on what you are trying to do. Snort is just
an IDS / IPS at the end of the day. If you want an analyst console or
remediation etc. this is when you need to start looking at add-ons.
Here are some popular additions:

flop (unified)
barnyard (unified)
syslog (log shipping / sim integration)
swatch (log watching)
base (analysis)
sguil (analysis)
oinkmaster (rules)

This is not a comprehensive list (just off the top of my head), but
this should give you some areas to research. I'm sure others will be
happy to chime in as to what add-ons they like to use.


Cheers,
Justin

On 8/22/07, James Lay <jlay () slave-tothe-box net> wrote:
Hey all!

As my post about diagnosing the mysql server has gone away messages
enlightened me on that I need barnyard, now I'm curious...what other
packages make Snort a complete package?  I have snort, mysql, apache, php
and recently added oinkmaster, but what else?  Barnyard...and?  Just
curious.

James



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

