[Snort-users] snort and tools overview
Alex Butcher, ISC/ISYS
Alex.Butcher at ...11254...
Mon Aug 23 04:32:14 EDT 2004

--On 20 August 2004 12:10 +0200 Thomas Zauner
<Thomas_Zauner at ...12242...> wrote:
> updated snort-tools-diagram today

mudpit <http://fidelissecurity.com/techtalk/mudpit.asp> and FLoP
<http://www.geschke-online.de/FLoP/> are alternatives to barnyard with
different advantages and disadvantages. I've been using mudpit until now,
but plan to use FLoP in my next deployment. FLoP can log entire sessions
with the corresponding alert(s) in the SQL database for later extraction
(requires a modified schema and a tool included in the FLoP distribution).

Snortcenter2 can be found at
<http://sourceforge.net/projects/snortcenter2/>. I recommend using the
snortcenter-console-patch branch of the CVS tree for 2.0.6 and newer
versions of Snort. Attempting to use older versions of snortcenter will
result in damaged rules.

OSSIM <http://www.ossim.net> integrates alerts from Snort with those from
other tools including p0f and ntop and probably deserves a mention. The
OSSIM snort src.rpm includes an updated version of the SPADE patch which
appears to work with Snort 2.2.0.

Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9