[Pauldotcom] Advanced Snort analysis
jd.mubix at gmail.com
Thu Dec 3 17:23:29 UTC 2009
Check out liveSnort (by Aanval):
(amazing interface designed around snort, but limited to one sensor)
or Splunk, which does an excellent job correlating snort logs
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com
On Thu, Dec 3, 2009 at 11:52 AM, Grymoire <pauldotcom at grymoire.com> wrote:
> I want to make some sort of high level visualization of the IDS status
> - using snort.
> I am trying to use snort, mysql, acidbase, and munin, all of which
> can be installed using Ubuntu's package manager. There's even a snort
> plug-in for munin. Sounds easy, eh?
> Well, the documentation sucks.
> I looked at the Snort Statistics howto - and that's obsolete.
> snortsnarf is non-supported and hard to find. So I found an old RPM,
> installed it, and looking at its output - it's just broken.
> I downloaded the source of snort, and according to the
> documentation, contributed source can be found at
> www.snort.org/dl/contrib - but the directory no longer exists.
> There are many web pages, and even a book - but the book is 6 years
> old, and many of the web documents are also as ancient.
> Suppose I want to have a real-time plot of IDS activities. What do
> others use? And what documentation do you suggest?
> It's been frustrating....
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> Main Web Site: http://pauldotcom.com
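A starting point for the real-time plot Grymoire asks about, added here as an example and not code from the thread, liveSnort, Splunk or the munin plugin: it parses Snort's fast-format alert lines, buckets them per interval by priority and signature id, keeps a count of lines that fail to parse (the "it's just broken" case), and emits values in the shape a munin plugin prints. The alert lines, signature ids and addresses below are constructed samples, and the munin_fetch field names are assumed.

```python
import re
from collections import Counter, defaultdict

# One line of Snort's default alert_fast output (assumption: one alert per line,
# timestamp without year). Sample values below are constructed, not real alerts.
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$")

SAMPLE = """\
12/03-11:52:01.000123  [**] [1:1000001:1] CONSTRUCTED portscan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44321 -> 192.168.1.10:22
12/03-11:52:30.000456  [**] [1:1000002:1] CONSTRUCTED web attack [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.7:51000 -> 192.168.1.20:80
12/03-11:53:05.000789  [**] [1:1000001:1] CONSTRUCTED portscan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44322 -> 192.168.1.10:23
this line is not an alert and must be counted, not silently dropped
12/03-11:53:40.000012  [**] [1:1000003:2] CONSTRUCTED ICMP sweep [**] [Priority: 3] {ICMP} 10.0.0.9 -> 192.168.1.30
"""

def parse_fast_alert(line):
    """Fields of one fast-format alert as a dict (prio as int), or None if the line does not parse."""
    m = FAST_RE.match(line.strip())
    return dict(m.groupdict(), prio=int(m["prio"])) if m else None

def summarize(lines, bucket_seconds=60):
    """Alert counts per time bucket (total, by priority, by gid:sid) plus unparsed-line count."""
    buckets = defaultdict(lambda: {"total": 0, "by_priority": Counter(), "by_sid": Counter()})
    unparsed = 0
    for line in lines:
        a = parse_fast_alert(line)
        if a is None:
            unparsed += 1  # a line the parser rejects is itself worth graphing
            continue
        day, clock = a["ts"].split("-")
        secs = sum(int(x) * k for x, k in zip(clock.split(":"), (3600, 60, 1)))
        secs -= secs % bucket_seconds  # floor to bucket start
        key = f"{day} {secs // 3600:02d}:{secs % 3600 // 60:02d}:{secs % 60:02d}"
        b = buckets[key]
        b["total"] += 1
        b["by_priority"][a["prio"]] += 1
        b["by_sid"][f"{a['gid']}:{a['sid']}"] += 1
    return {"buckets": dict(buckets), "unparsed": unparsed}

def munin_fetch(summary):
    """'field.value N' lines for the newest bucket, the shape a munin fetch prints (field names assumed)."""
    if not summary["buckets"]:
        return ["alerts.value 0"]
    latest = summary["buckets"][max(summary["buckets"])]
    return [f"alerts.value {latest['total']}"] + [
        f"prio{p}.value {latest['by_priority'][p]}" for p in (1, 2, 3)]
```

Feeding `summarize` a tail of the live alert file on each poll gives the per-interval series a graph needs; a rising `unparsed` count is the first sign that the log format or a parser assumption has drifted.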