[Snort-sigs] Snort front ends

Matt Kettler mkettler at ...189...
Thu Feb 12 08:11:05 EST 2004


At 05:03 PM 2/11/2004, Trevor Daucsavage wrote:
>I know this isn't the *correct* forum for this type of question, so I
>apologize in advance.  I ask anyway because I figure you guys are the
>ones who use snort best and most often.
>
>My question is this: Does anyone have any recommendations for a snort
>front-end?  We're trying to find some kind of package that we can use to
>ease install of signatures and maybe even nice graphs and alerting.
>
>Again I apologize if I've offended anyone.

I don't think you've outright offended anyone.. but you have at least 
confused me.

Why not ask on snort-users?

For reference, I write some custom sigs, which is why I subscribe here.

Most of the time I deal with raw snort output and don't use any front ends 
at all.
I use tcpdump binary logging of packets, and full alerts.

Not the most efficient setup speed-wise, but effective enough for my use.

On occasion I use snortsnarf if I need a lot of output presented in an 
aggregate form. 




