Snort mailing list archives

Re: Barnyard2


From: Mike Michalak <mike () trail9 com>
Date: Mon, 19 Jan 2015 09:29:43 +0100

Interesting.  Thank you for the information.  It is very helpful.

Regards,

Mike Michalak
M +219.921.9619
O +708.320.8643
Trail 9 | trail9.com




On Mon, Jan 19, 2015 at 9:25 AM, Jeremy Hoel <jthoel () gmail com> wrote:

Well "older" is an odd phrase. It's probably the newest web GUI that's not
based on sguil. Base is older than snorby, based on PHP alone and is easy
to get set up and working but isn't as feature rich as snorby.  Sguil is its
own creature. It doesn't use barnyard2 and instead has its own agents to
read data and send to its own db. Very different. Older, but recently
updated. It has a web interface called squert.
On Jan 19, 2015 12:46 AM, "Mike Michalak" <mike () trail9 com> wrote:

Ah ok, I didn't know Snorby was older.

So sguil is installed as a client then you connect to your server?

Regards,

Mike Michalak
M +219.921.9619
O +708.320.8643
Trail 9 | trail9.com




On Mon, Jan 19, 2015 at 8:38 AM, Jeremy Hoel <jthoel () gmail com> wrote:

I have used Snorby a lot.  It's a modern web interface, unlike Base, and
it is pretty easy to use and work with.  Some of the downsides are it
hasn't been updated in a bit and it uses Ruby on Rails and that seems to
make life hard for some people.  Multiple sensors are nice, the interface
is quick to use and it doesn't get upset as fast as sguil when there are
lots and lots and lots of uncategorized alerts.

On Mon, Jan 19, 2015 at 12:33 AM, Mike Michalak <mike () trail9 com> wrote:

Thank you for the update.

What are your thoughts on Snorby?

Regards,

Mike Michalak
M +219.921.9619
O +708.320.8643
Trail 9 | trail9.com




On Mon, Jan 19, 2015 at 8:22 AM, Jeremy Hoel <jthoel () gmail com> wrote:

To use most web based tools you need to send the data from unified2 to
a mysql database.. you use barnyard2 for that.  If you want to use cli you can use
some tools to explore unified2 files, or you can use a SIEM tool that can
get the data via syslog or something.  You could also use sguil and it has
a whole other set of tools.

So really, it depends on how you want to view your data.

You might check out Security Onion as it has a few of these and can
give you some options.
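An added example, not code from the thread: a small Python reader for the unified2 record stream Jeremy mentions, decoding the legacy IPv4 event record and the packet record as laid out in the unified2 documentation and stopping cleanly at a partially written trailing record. The sample stream, sid and addresses are constructed for the demonstration.

```python
import socket
import struct

UNIFIED2_PACKET = 2                     # record types from the unified2 spec
UNIFIED2_IDS_EVENT = 7                  # legacy IPv4 event record, 52-byte body
RECORD_HDR = struct.Struct(">II")       # record type, record length (big-endian)
IDS_EVENT = struct.Struct(">11I2H4B")   # Unified2IDSEvent_legacy field layout
PACKET_HDR = struct.Struct(">7I")       # Unified2Packet header; raw packet follows
EVENT_FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
                "signature_id", "generator_id", "signature_revision", "classification_id",
                "priority_id", "ip_source", "ip_destination", "sport_itype", "dport_icode",
                "protocol", "impact_flag", "impact", "blocked")
PACKET_FIELDS = ("sensor_id", "event_id", "event_second", "packet_second",
                 "packet_microsecond", "linktype", "packet_length")

def parse_unified2(data):
    """Return (kind, fields) for each complete record; a record whose declared length
    runs past the buffer is left unread, since snort appends records while a reader tails."""
    records, off = [], 0
    while off + RECORD_HDR.size <= len(data):
        rtype, rlen = RECORD_HDR.unpack_from(data, off)
        start, end = off + RECORD_HDR.size, off + RECORD_HDR.size + rlen
        if end > len(data):
            break                                   # truncated trailing record
        body, off = data[start:end], end
        if rtype == UNIFIED2_IDS_EVENT and rlen == IDS_EVENT.size:
            ev = dict(zip(EVENT_FIELDS, IDS_EVENT.unpack(body)))
            for key in ("ip_source", "ip_destination"):  # u32 -> dotted quad
                ev[key] = socket.inet_ntoa(struct.pack(">I", ev[key]))
            ev["gid_sid_rev"] = "[%(generator_id)d:%(signature_id)d:%(signature_revision)d]" % ev
            records.append(("event", ev))
        elif rtype == UNIFIED2_PACKET and rlen >= PACKET_HDR.size:
            pk = dict(zip(PACKET_FIELDS, PACKET_HDR.unpack_from(body)))
            pk["packet"] = body[PACKET_HDR.size:PACKET_HDR.size + pk["packet_length"]]
            records.append(("packet", pk))
        else:                                       # e.g. extra-data or IPv6 variants
            records.append(("unknown", {"type": rtype, "length": rlen}))
    return records

def sample_stream():
    """Constructed input: one event with a made-up sid, its packet, then a truncated record."""
    src = struct.unpack(">I", socket.inet_aton("10.0.0.5"))[0]
    dst = struct.unpack(">I", socket.inet_aton("192.0.2.10"))[0]
    event = IDS_EVENT.pack(1, 7, 1421400000, 250000, 1000001, 1, 3, 29, 2,
                           src, dst, 44321, 80, 6, 0, 0, 0)
    payload = b"GET /index.html HTTP/1.1\r\n"
    packet = PACKET_HDR.pack(1, 7, 1421400000, 1421400000, 250000, 1, len(payload)) + payload
    return (RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(event)) + event
            + RECORD_HDR.pack(UNIFIED2_PACKET, len(packet)) + packet
            + RECORD_HDR.pack(UNIFIED2_IDS_EVENT, IDS_EVENT.size) + b"\x00" * 10)
```

Point it at a real `snort.log.<timestamp>` file with `parse_unified2(open(path, "rb").read())` to get the same kind of event/packet pairs barnyard2 feeds into a database.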

On Sat, Jan 17, 2015 at 1:30 AM, Mike Michalak <mike () trail9 com> wrote:

Ah ok, that is a good question.  I'm not quite sure, any suggestions?

Regards,

Mike Michalak
M +219.921.9619
O +708.320.8643
Trail 9 | trail9.com




On Fri, Jan 16, 2015 at 6:21 PM, Shirkdog <shirkdog () gmail com> wrote:

How do you plan on viewing alert data?

Once you answer that question, you can look at how barnyard2 will
help you.

---
Michael Shirk


On Fri, Jan 16, 2015 at 9:29 AM, Mike Michalak <mike () trail9 com> wrote:

I have installed Snort and I am in the testing phase.

What are your thoughts on using Barnyard2 with snort?  Is it worth
it, or not needed?

I am running snort on a CentOS 6.5 box.

Regards,

Mike




------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy. Lower latency. Increased capacity. Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
