[Snort-users] Why are there no open source GUI's for managing multiple Snort sensors?

twig les twigles at ...131...
Wed Sep 25 13:34:02 EDT 2002

My problem with most GUIs, including some IDS GUIs
that will remain nameless <cough cough netranger>, is
that I don't know wth is going on unless I do some
serious digging.  So while the GUI is helpful in that
I don't have to remember a bunch of commands and where
conf files are, the positives are balanced by the

So essentially my dream is to be able to maintain
identical configurations on multiple snort sensors but
still be able to control exactly what command is
executing when I hit a button (i.e. right-click on the
button and be able to pull up and edit the command,
like in Windowmaker when you go to settings on the

So aside from my whining about adding a layer of
abstraction, the normal stuff would be nice...rule
updates, scp/ssh/sftp, centralized reporting and alert
parsing based on things like rule, IP, time etc.

Allowing the user to define their own "macros" would
be sweet, that way the beta testers could put out some
good templates.

--- Carl Samond <dunnun at ...1276...> wrote:
> I can see graphical user interfaces to manage individual sensors and I
> can see GUIs to analyse alerts from a group of sensors but why is there
> no tool to provide both management and analysis for multiple sensors?
> I'm considering pursuing this for my university project so if such a
> tool exists already I'd like to know, if anyone can help me pin down my
> requirements I'd be most grateful.  I'm interested in hearing about how
> people would like to use snort (particularly less experienced users).
> What is a drag about using snort? Would centralised management help a
> significant number of people?
> Many thanks Carl.

