[Snort-users] Snort Reporting and Capture

larc larc at ...1187...
Thu Jan 23 03:23:02 EST 2003


Hi,

If go for a web based solution, you can use 'ACID' to monitor the alerts and to manage your snort configuration and rules 'SnortCenter'
There is a good manual to install a all this http://www.superhac.com/snort/snort_enterprise.pdf
ACID: www.cert.org/kb/acid
SnortCenter: users.pandora.be/larc/

Regards,
Stefan D.

------------------------
 Michael <xeon at ...8041...> wrote:
------------------------
Hello everyone,
>
>I'm new to snort and would like to get your valuable feedback on some of 
>the utilities that are out there that can help me manage and view snort 
>results as they are captured.
>
>What I'm really looking for first of all is a utility that can capture 
>the alerts and warnings, displaying them either through a web interface 
>and or it's own UI.  I would also like to know of any utilities out may 
>be out there that help with snort configuration, such as changes you 
>would like to add or help with adding new rules etc., that may be available.
>
>Here is a brief description of my setup and would appreciate any 
>feedback you all could provide that may be best for my particular case.
>
>I'm running a single FreeBSD machine with multiple IP's (total of five). 
>  From this machine I run a webserver and also IRC related 
>programs/processes.  This machine acts as it's own Gateway and firewall 
>and would like to add snort to monitor all the traffic to and from this 
>machine.
>
>What would you recommend as the best setup with this type of layout that 
>would provide an easy way to constantly monitor the traffic as stated above?
>
>Any and all feedback is welcome.
>
>Thanks for your time in advance,
>
>Michael
>
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by: Scholarships for Techies!
>Can't afford IT training? All 2003 ictp students receive scholarships.
>Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
>www.ictp.com/training/sourceforge.asp
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users






More information about the Snort-users mailing list