[Snort-users] Snort-Gui Editing Rules

Alex Butcher, ISC/ISYS Alex.Butcher at ...11254...
Fri Oct 15 00:44:49 EDT 2004


--On 14 October 2004 23:40 +0200 Jose Maria Lopez <jkerouac at ...12346...> 
wrote:

> On Wed, 29 Sep 2004 at 20:07, Raffael Maio wrote:
>> I'm searching for the best GUI interface to edit rules with snort. I
>> have done some research, and I have found some good products, I think, like
>> Snortcenter and Oinkmaster.
>
> I don't know the actual state of snortcenter, but it was a little buggy
> when I tried.

The CVS tree for Snortcenter2 on sourceforge should be mostly OK with Snort 
<=2.2.0 rulesets. But neither Jason nor myself have had much time to work 
on it for a while. Also, I've switched to oinkmaster and some shellscripts 
to manage snort rules, now that I don't need to cater for our less 
technical administrators.

> Oinkmaster is the best way to add rules to your snort
> box, but it doesn't have a GUI.

It does, actually - written in Perl/Tk. I can't say I've used it though.

> You can also check the Webmin module for snort, but I think it's a little
> outdated.

Other alternatives are:

- <http://rman.sourceforge.net/>, which is OK, but doesn't really buy you 
much above using a text editor, IMHO.

- <http://www.activeworx.org/>, which looks nice, but doesn't have an 
'expert mode' allowing you to modify rules. It's also Windows-only (though 
it could manage UNIX sensors).

>> Are there other products?
>
> Maybe some commercial product like Demarc or Sourcefire software
> can do that, but I have never checked, so I can't tell you.

Sourcefire certainly can. I think Demarc's products can, too.

Best Regards,
Alex.
-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9





