[Snort-users] snort and tools overview

Alex Butcher, ISC/ISYS Alex.Butcher at ...11254...
Mon Aug 23 04:32:14 EDT 2004


--On 20 August 2004 12:10 +0200 Thomas Zauner 
<Thomas_Zauner at ...12242...> wrote:

>
> updated snort-tools-diagram today
>
>
> http://62.245.250.125/snort.png

mudpit <http://fidelissecurity.com/techtalk/mudpit.asp> and FLoP 
<http://www.geschke-online.de/FLoP/> are alternatives to barnyard with 
different advantages and disadvantages. I've been using mudpit until now, 
but plan to use FLoP in my next deployment. FLoP can log entire sessions 
with the corresponding alert(s) in the SQL database for later extraction 
(requires a modified schema and a tool included in the FLoP distribution).

Snortcenter2 can be found at 
<http://sourceforge.net/projects/snortcenter2/>. I recommend using the 
snortcenter-console-patch branch of the CVS tree for 2.0.6 and newer 
versions of Snort. Attempting to use older versions of snortcenter will 
result in damaged rules.

OSSIM <http://www.ossim.net> integrates alerts from Snort with those from 
other tools including p0f and ntop and probably deserves a mention. The 
OSSIM snort src.rpm includes an updated version of the SPADE patch which 
appears to work with Snort 2.2.0.

HTH,
Alex.
-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9