[Snort-users] Snort-Gui Editing Rules
Alex Butcher, ISC/ISYS
Alex.Butcher at ...11254...
Fri Oct 15 00:44:49 EDT 2004
--On 14 October 2004 23:40 +0200 Jose Maria Lopez <jkerouac at ...12346...>
> El mié, 29 de 09 de 2004 a las 20:07, Raffael Maio escribió:
>> I?m searching for the best GUI interface to edit rules with snort. I
>> have make research, and I find some good product I think like
>> Snortcenter and Oinkmaster.
> I don't know the actual state of snortcenter, but it was a little buggy
> when I tried.
The CVS tree for Snortcenter2 on sourceforge should be mostly OK with Snort
<=2.2.0 rulesets. But neither Jason nor myself have had much time to work
on it for a while. Also, I've switched to oinkmaster and some shellscripts
to manage snort rules, now that I don't need to cater for our less
> Oinkmaster it's the best way to add rules to your snort
> box, but it doesn't have a GUI.
It does, actually - written in Perl/Tk. I can't say I've used it though.
> You can also check the Webmin module for snort, but I think it's a little
Other alternatives are:
- <http://rman.sourceforge.net/>, which is OK, but doesn't really buy you
much above using a text editor, IMHO.
- <http://www.activeworx.org/>, which looks nice, but doesn't have an
'expert mode' allowing you to modify rules. It's also Windows-only (though
it could manage UNIX sensors).
>> Are there another product ???
> Maybe some commercial product like Demarc or Sourcefire software
> can do that, but I have never checked, so I can't tell you.
Sourcefire certainly can. I think Demarc's products can, too.
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
More information about the Snort-users