Re: [Snort-users] Snort Monitoring output Question

Heyde Fritjof fritjof.heyde at ...5034...
Mon Feb 25 06:31:06 EST 2002


Sure,

Log the data to, for example, a MySQL database on the localhost, or on a
trusted machine in the intranet.
Then run an httpd on that machine (within the intranet) with, for example,
ACID as the GUI.

Or you start a simple webserver on a Windows machine in the intranet (like LWS
or something) and use your Samba to read the logged data from the server.
(Of course the Samba directory (Snort log files) is only accessible from that
machine.)
And then download some log file parser and run it over the logs.

Hope I could give you an idea!

Bydlo

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of cdowns
Sent: Monday, 25 February 2002 14:57
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort Monitoring output Question

Good Morning all,
    The time has come that management would like to see Live Logs and
Network Activity. I have been running Snort for some time on all gateways
to our network with SSH2 RSA access. My big question is: what is the
best way to let them see these logs LIVE with an HTML interface without
running HTTPD on the localhost? Is there a way to move this data to a
trusted location without losing the sense of IDS (secrecy)?

Thanks in Advance.

~!>D

--
---------------------------------
  Network Security Administrator
      Skillsoft Corporation
    http://www.skillsoft.com
      cdowns at ...1892...
 "You can't point and click your
   way to super cracker status"
---------------------------------
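
The "run a log file parser over the logs" option from the reply, as an added example that is not part of the original thread: a parser that turns alert lines into a static HTML page on the trusted machine, so no httpd runs on the sensor. It assumes Snort's one-line "fast" alert layout; the function names and the sample lines are constructed for illustration.

```python
import html
import re

# Assumed one-line alert layout (an assumption, not taken from the thread):
# timestamp [**] [gid:sid:rev] msg [**] [Classification: ..] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample input (documentation addresses, made-up rule ids).
SAMPLE_LOG = """\
02/25-06:31:06.100000  [**] [1:1000001:1] EXAMPLE web probe <script> [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:40112 -> 198.51.100.5:80
02/25-06:31:09.200000  [**] [1:1000002:1] EXAMPLE ping sweep [**] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.7
this line is truncated or corrupt
02/25-06:32:15.300000  [**] [1:1000001:1] EXAMPLE web probe <script> [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.44:51000 -> 198.51.100.5:80
"""

def parse_alerts(text):
    """Return (alerts, skipped): parsed fields per alert, count of unparseable lines."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            alerts.append(m.groupdict())
        elif line.strip():
            skipped += 1  # keep a count so silent log damage is visible
    return alerts, skipped

def render_report(alerts, skipped):
    """Build a static HTML page, highest priority first; all fields are escaped."""
    cols = ("ts", "prio", "proto", "src", "dst", "msg")
    rows = "".join(
        "<tr>" + "".join(f"<td>{html.escape(a[c])}</td>" for c in cols) + "</tr>\n"
        for a in sorted(alerts, key=lambda a: (int(a["prio"]), a["ts"]))
    )
    return ("<html><body><h1>Snort alerts</h1>\n<table border=\"1\">\n<tr>"
            + "".join(f"<th>{c}</th>" for c in cols) + "</tr>\n" + rows
            + f"</table>\n<p>Unparsed lines: {skipped}</p></body></html>\n")

if __name__ == "__main__":
    parsed, bad = parse_alerts(SAMPLE_LOG)
    print(render_report(parsed, bad))
```

The escaping matters because alert text ends up in a browser on the management side; the generated file can be read from a share or opened locally.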





