Snort mailing list archives
Re: BASE or Snort Report ???
From: Joe Pampel <jpampel () paladyne com>
Date: Tue, 4 Jan 2011 16:17:25 -0500
you can get basic alerting going for $0 using the free version of Kiwi syslog. Take that up a level and use the free (up to 500MB per day) version of Splunk. Kiwi can take some basic filters which can control the alerts you get e-mail about (such as priority 1 or 2 only, etc.). Just 2 free options of many. :)

On Jan 4, 2011, at 4:02 PM, Garland, Ken R wrote:

Use something else for notification purposes like sec.pl <http://sec.pl/> or other notification/monitoring tools. Snorby/BASE are not really meant for that; they are, for lack of a better term, data mining tools. Sure you can see a live view in Snorby, but if you want to get that close to the metal, would you really put yourself in front of a GUI web app with potential delay?

On Tue, Jan 4, 2011 at 3:50 PM, J. L. Cabral <jelocabral () gmail com> wrote:

Because I see in BASE there is a file called base_conf.php which can be configured with some parameters for sending mail, but I've never understood the functionality because I don't understand how to choose the alerts I need to get... so I suppose it is the same in Snorby, but maybe not....

On Tue, Jan 4, 2011 at 5:40 PM, Joel Esler <jesler () sourcefire com> wrote:

(That's three drinks right there.)

I don't think Snorby sends alerts by email.

Joel

On Tue, Jan 4, 2011 at 3:28 PM, J. L. Cabral <jelocabral () gmail com> wrote:

I've read some info about Snorby but I can't see any data about the configuration for sending alerts by email. Is this possible, and in this case how should I choose the alerts I need to receive???

Thanks again,
JeLo

On Tue, Jan 4, 2011 at 4:54 PM, Jefferson, Shawn <Shawn.Jefferson () bcferries com> wrote:

Personally I like BASE (since I have modified it to correlate alerts with my systems management product's view of patches applied to my systems), although Snorby and Snort Report look pretty nice. What language are Snorby and Snort Report written in? PHP?

-----Original Message-----
From: J. L. Cabral [mailto:jelocabral () gmail com]
Sent: Tuesday, January 04, 2011 10:52 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] BASE or Snort Report ???

Hi all,

I need a starting point to enter the Snort world, so I think I can use BASE or Snort Report to view the traffic logs. I've used BASE but I'm still fighting with sending alerts by email, I can set up this feature. And also I've seen some snapshots from Snort Report. What web interface do you recommend to me in order to view and receive critical Snort alerts by mail???

Really thanks,
JeLo

------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Joel Esler
Skype:eslerjoel
http://blog.snort.org
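The approach Joe and Ken describe above (filter Snort alerts by priority outside the web console, then notify by e-mail), as an added example that is not from this thread and not code from Kiwi, Splunk, sec.pl, BASE or Snorby: a small Python filter over Snort fast-format alert lines that keeps priority 1 and 2 only and builds the notification message. The alert lines, sids, addresses and mailbox names are constructed for the example.

```python
import re
from email.message import EmailMessage

# Constructed sample in Snort's "alert_fast" layout (timestamp omitted);
# sids, addresses and messages are made up for this example.
SAMPLE_ALERTS = """\
[**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 10.0.0.9:51234
[**] [1:1000001:1] LOCAL example port probe [**] [Classification: Attempted Information Leak] [Priority: 3] {TCP} 10.0.0.9:44444 -> 10.0.0.5:22
[**] [1:2000001:2] LOCAL example admin gain [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.9:40000 -> 10.0.0.5:8080
"""

# One regex for the fields a notification needs; the "[**]" separator and a
# colon after the Priority bracket are optional so syslog-relayed lines also fit.
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) (?:\[\*\*\] )?"
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<prio>\d+)\]:? "
    r"\{(?P<proto>\w+)\} (?P<src>\S+) -> (?P<dst>\S+)"
)

def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not a Snort alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["prio"] = int(fields["prio"])  # 1 is the most severe in Snort
    return fields

def select_alerts(text, max_priority=2):
    """Keep only alerts at or above the chosen severity (priority <= max_priority)."""
    picked = []
    for line in text.splitlines():
        alert = parse_alert(line)
        if alert is not None and alert["prio"] <= max_priority:
            picked.append(alert)
    return picked

def build_notification(alerts, sender, recipient):
    """Build (but do not send) the e-mail; hand it to smtplib.SMTP.send_message() to deliver."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"[snort] {len(alerts)} high-priority alert(s)"
    lines = [f"P{a['prio']} {a['gid']}:{a['sid']}:{a['rev']} {a['msg']} "
             f"({a['cls']}) {a['proto']} {a['src']} -> {a['dst']}" for a in alerts]
    msg.set_content("\n".join(lines) or "no matching alerts")
    return msg

if __name__ == "__main__":
    print(build_notification(select_alerts(SAMPLE_ALERTS), "snort@example.test", "soc@example.test"))
```

Point the script at the file or syslog stream the sensor writes to, and raise or lower max_priority to tune how much lands in the mailbox.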
Current thread:
- BASE or Snort Report ??? J. L. Cabral (Jan 04)
- Re: BASE or Snort Report ??? Joel Esler (Jan 04)
- Re: BASE or Snort Report ??? Garland, Ken R (Jan 04)
- Re: BASE or Snort Report ??? Champ Clark III [Softwink] (Jan 04)
- Re: BASE or Snort Report ??? Jefferson, Shawn (Jan 04)
- Re: BASE or Snort Report ??? J. L. Cabral (Jan 04)
- Re: BASE or Snort Report ??? Joel Esler (Jan 04)
- Re: BASE or Snort Report ??? J. L. Cabral (Jan 04)
- Re: BASE or Snort Report ??? Joel Esler (Jan 04)
- Re: BASE or Snort Report ??? Garland, Ken R (Jan 04)
- Re: BASE or Snort Report ??? Joe Pampel (Jan 04)
- Re: BASE or Snort Report ??? Jefferson, Shawn (Jan 04)
- Re: BASE or Snort Report ??? Champ Clark III [Softwink] (Jan 04)
- Re: BASE or Snort Report ??? Tilley, Brad (Jan 05)
- Re: BASE or Snort Report ??? Martin Holste (Jan 05)
- Re: BASE or Snort Report ??? J. L. Cabral (Jan 04)
- Re: BASE or Snort Report ??? Garland, Ken R (Jan 04)
- Re: BASE or Snort Report ??? Bamm Visscher (Jan 05)
- Re: BASE or Snort Report ??? Jun Wan (Jan 06)
- Re: BASE or Snort Report ??? Crusty Saint (Jan 06)