[Snort-users] secure reporting and SNMP

Geoff the UNIX guy galitz at ...247...
Tue Jan 2 17:48:37 EST 2001


I've conducted some fairly rigorous trials of snort
and centralized reporting.  I'm trying to find the 
best secure logging method for my environment, and 
I'm looking for comments on the following:

- snort mysql reporting over SSH or SSL.  I believe
  some work has already been done on this... anyone?

- I have been poking around OpenNMS bluebird which
  got me to thinking about reporting via the latest 
  secure SNMP implementation to a bluebird monitoring
  station.  SNMPv3 (UCD-SNMP 4.n).  This has some
  intriguing possibilities, I think.  I am already working
  on a mysql/perl/C NOC type system which fills some 
  different niches than Bluebird and integrates snort.
  Check http://www.cchem.berkeley.edu/College/unix/proj/
  for more details on what we're doing and how snort fits in.
  Of particular relevance is the section called Eddie.

Right now I'm merely reporting snort activity via 
the mysql plugin to a server, with some perl reporting
scripts which automatically get useful information
(like NOC and security contacts via whois).  
Secure logging is the next step.

Geoff Galitz, galitz at ...247...
Research Computing
College of Chemistry, UC Berkeley
     The laws of physics can be a harsh mistress...
        - Bender
