[Snort-users] Logcheck and Snort
john at ...1477...
Tue Mar 6 23:11:51 EST 2001
Snortsnarf produces a nice html document for your browsing pleasure.
If you don't have a web server set up on your box, Razorback is a gnome client
that will note alerts in realtime complete with squealing piggy sounds if that
is your thing.
If you work with MySQL you can easily redirect those logs with an output plugin
into a db file and use the ACID console for alerts.
If you are really paranoid, "or just like seeing what possibilities exist"
a two sensor setup with one box exposed on the perimeter and one inside, both
streaming to an analyst's console running ACID. Use the Razorback squealing
piggy alert on the inside monitoring for intruders that may have traversed the
obstacles presented at your perimeter.
BTW, I am really very green at all this also, but this setup was a breeze
thanks to help from the guys who really know this stuff. Let me know if you
still want help. We can get you into the saddle without wasting any time.
On Tue, 6 Mar 2001 19:41:48 -0500, Bob Staaf said:
> Hello all,
> Is anyone out there using Logcheck with Snort? I know there are far
> more robust ways to monitor Snort logs but for now that is not an option. I
> will be looking at this tonight to see if I can find a solution but want to
> avoid reinventing the wheel if someone else has already dealt with this.
--- CHAOS -Where Great Dreams Begin ---
Before a great vision can become reality there may be difficulty. Before a person
begins a great endeavor, they may encounter chaos.
As a new plant breaks the ground with great difficulty, foreshadowing the huge
tree, so must we sometimes push against difficulty in bringing forth our
"Out of Chaos, Brilliant Stars are Born."
I-Ching Hexagram #3