Snort mailing list archives

Re: Snort preprocessor perfmonitor


From: Salahudin Wan Khairuzzaman <salahudin () cybersecurity my>
Date: Thu, 09 Dec 2010 11:14:51 +0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Once submitted to snorby, it will be processed and a new sid
(sensor id) inserted. In this case, the Snort that comes with snorby spsa is set as
sid 1, so any new sensor that comes in will be named sid 2, 3, 4
and so forth. mysql on snorby must be set to accept connections from
the remote host + users/IP. Some useful mysql commands:

mysql> select * from sensor;  --- print out how many sensors

mysql> select * from event order by sid desc limit 10; -- print out events logged

Using the mailing list can help u to get started, but u need to refer to the
documentation and forums/how-tos. :)

p/s: actually u can also check this from the snorby frontend (via web).

cheers,
salahudin
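One way to set up the MySQL side that the message refers to (accepting the sensor's connection with its own user/IP), as an added example that is not part of the thread. The database name snorbydb comes from the config line quoted further down; the account name snort_sensor, the placeholder password and the sensor address 192.168.1.2 are assumptions, as is the set of privileges named in the comments:

```sql
-- Added example (not from the thread): run these on the MySQL server on the snorby host.
-- The account is limited to one sensor address and to the snorby database, instead of
-- exposing root over the network.
-- Assumed values: user snort_sensor, sensor IP 192.168.1.2, placeholder password.

-- 1. Dedicated account, allowed to connect only from the sensor's IP
CREATE USER 'snort_sensor'@'192.168.1.2' IDENTIFIED BY 'CHANGE_ME_sensor_password';

-- 2. INSERT and SELECT on snorbydb only (assumption: these are the privileges
--    Snort's "output database" plugin needs to register a sensor and log events)
GRANT INSERT, SELECT ON snorbydb.* TO 'snort_sensor'@'192.168.1.2';
FLUSH PRIVILEGES;

-- 3. Confirm the grant is scoped as intended (no global privileges, one host only)
SHOW GRANTS FOR 'snort_sensor'@'192.168.1.2';

-- 4. After the sensor has logged its first alert, check that it was registered
--    with a new sid and that its events are arriving
SELECT sid, hostname, interface, last_cid FROM sensor ORDER BY sid;
SELECT sid, cid, signature, timestamp FROM event ORDER BY sid DESC, cid DESC LIMIT 10;
```

The server must also listen on the network interface (a bind-address of 127.0.0.1 in my.cnf will refuse the sensor), and the sensor's output line then points at this account rather than root, e.g. user=snort_sensor password=... dbname=snorbydb host=192.168.1.1.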

On 12/9/10 10:22 AM, Andres Carrera Rivera wrote:
ok I'll change my snort conf.
But the snorby server?
I don't know the exact direction, and how can I check after logging some
alerts?


On 12/8/2010 9:05 PM, Salahudin Wan Khairuzzaman wrote:
Yes absolutely.

From your Snort configuration, set output log to MySQL server (mysql at
snorby server). E.g.:

output database: log, mysql, user=root password=toor dbname=snorbydb host=192.168.1.1

You can disable snort installed within snorby spsa installation.

cheers,
salahudin

On 12/2/10 11:54 AM, Andres Carrera Rivera wrote:
ok I'm downloading the ISO.
But I have already installed snort on my machine (ubuntu); isn't there a
possibility to configure snorby, but with my snort IDS?

On 12/1/2010 10:45 PM, Salahudin Wan Khairuzzaman wrote:
Yes, u can try the pre-installed one.. less hectic :)

http://bailey.st/blog/snorby-spsa/


cheers,
salahudin
On 12/2/10 11:11 AM, Andres Carrera Rivera wrote:
I haven't heard about it.. I'll check it. But does it graph in real
time?

On 12/1/2010 10:05 PM, Salahudin Wan Khairuzzaman wrote:
have u tried snorby? just submit the mysql output to the snorby server to
process that..


cheers,
salahudin

On 12/2/10 10:36 AM, Andres Carrera Rivera wrote:
I read that I can draw graphs using the perform monitor with the
snortstats file.
but how?
Is there a perl file called perfstats that works and creates real
time
statistics graphs?
any steps to do that..?

or is there another thing I can use to draw graphs with snort?
I want a real time traffic graph, to compare with other traffic
graphs..

Thanks a lot!!


_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel


-- Salahudin Bin Wan Khairuzzaman
Malaysia Computer Emergency Response Team (MyCERT)
CyberSecurity Malaysia (An Agency Under MOSTI)
Level 7, SAPURA@MINES,
The MINES Resort City
43300 Seri Kembangan, Selangor
Malaysia

Main Line : +603 89926888 or 1-300-88-2999
Direct Line : +603 89926919
Fax : +603 89453442
Website : http://www.cybersecurity.org.my
Website : http://www.mycert.org.my
Disclaimer:
This email (and any attachment to it) is confidential and intended
solely for the use of the individual or entity to whom it is
addressed. CyberSecurity Malaysia assumes no liability whatsoever for
the content of this email or for the consequences of actions taken
based on such content unless it is subsequently confirmed in writing.
Unintended recipients are notified that disclosing, copying or
distributing of this email, or acting based on its contents, is
strictly prohibited; and you are to immediately and permanently delete
or destroy this email and notify the sender forthwith.







-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNAEmrAAoJEAgHMNrD1PZ3YPsIALaZoh0gYHyxwCUtUTuucU1F
Lb8iTRb5jtxgCEaU0yuMzZEV6yGi1eRab1YTjn8eXgUJZrLynhDMajJgmZZYnPlH
d+rrPRi0uEkKkCmhMHescJgzu5GqIWIn7fjAjzloVjRrEsciaL+q0n++V0sOUHtt
guYELfNFkKC67eRUVIH0ruf3K5Rxt86P+Zanlmc7PPoaV/KBgrE8W/e071yjtGI0
YtaP0uG8nDtZORkrhMBPORBtm3VV8IFBJDuiBMwxo95tF1ob0e/KLxnLeTMVTn8n
3QcblQqqV8WgUtmJ9xf8SQr6iz406Or9BrctPjTEpWYbjCejo7U8o9ltcQKzhWs=
=/uBX
-----END PGP SIGNATURE-----




