Snort mailing list archives

Re: Snort Alert Processing Survey


From: "Gregory (Greg) Nowicki" <gnowicki () jlab org>
Date: Wed, 15 Mar 2017 09:02:32 -0400

Snort/Sguil/Sancp/Barnyard/Mysql, etc.

Greg
-- 
Gregory (Greg) D. Nowicki | CyberSec Manager
Suite 7   Jefferson Lab   | PH: 757-269-6105
12000 Jefferson Ave.      | FAX: 757-269-6248
Newport News, VA 23606    | gnowicki () jlab org
---------------------------------------------
"Flame was a failure for the antivirus industry.
We really should have been able to do better.
But we didn't. We were out of our league, in
our own game." Mikko Hypponen, 2012-06-01

On 03/14/2017 04:48 PM, m-one wrote:
1.  I'm wondering how the vast millions of Snort users are monitoring
Snort alerts?  So please, let's hear it -- how are you answering the
question "is my Snort application effective?"  Where do you look to
examine Snort alerts?
2.  Re: [Snort-users] BASE 1.4.5 Non-Operational on Fedora 25.  Thanks
to Marcin's reply to my initial msg entitled "BASE 1.4.5 Non-
Operational on Fedora 25" & subsequently what I was going to ask
follows.  {Is there an expanded list of modern alternatives?  If not, I
must be missing something -- how are the vast majority of Snort users
monitoring alert info?  How many millions have DL'd Snort?  What are
they using?  Are they just looking at text based logs?  Are they
querying SQL DBs or what?  I hate the idea that I'm looking right past
the obvious...[grin]}


M-One

On Mon, 2017-03-13 at 23:49 +0100, Marcin Dulak wrote:
On Mon, Mar 13, 2017 at 9:34 PM, m-one <m-one () cox net> wrote:
1.  Help.  I've installed Snort v2.9.9.0 on Fedora 25 along with
Pulledpork & BASE v1.4.5.  All is operational except when I access
"http://localhost/base/index.php" I get the actual contents of the file
"index.php".  I was able to get php 5.6 from Remi repo, but I had
trouble finding PHP v5.6 compatible offerings of php-pear-Image-Canvas,
php-pear-Image-Color, & php-pear-Image-Graph.  I did find *.rpm files
for Fedora 23, but upon install the dependencies called for PHP 7.0 --
I did install, but got same result = actual contents of the file
"index.php".


2.  Help.  Is the situation hopeless?  Should I move onto Sguil or
something else?  Any Fedora users running BASE or Sguil?

There is probably no hope for the legacy tools apart from those
included in https://securityonion.net/
For a modern alternative see https://blog.jasonish.org/2014/04/16/snort-logstash-elastic-search-and-kibana/
Marcin
M-One



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

