[Snort-users] Recommendation for IDS reporting tools?

Basselgia, Barry A Mr (NAF Atsugi) BABasselgia at ...12104...
Wed Mar 16 16:13:13 EST 2005


I use Aanval; it uses the same MySQL database as ACID/BASE, so it will work
with anything you can feed into the database.  I use unified logging on my
Snort sensors and Barnyard to feed the database.

I find that I use both BASE and Aanval depending on what I'm looking
for/doing at the time.  Aanval has some near real time monitors that I
really like.  But, when I'm digging into things I find BASE to be more
useful.

Barry


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Alex
Butcher, ISC/ISYS
Sent: Wednesday, March 16, 2005 6:07 PM
To: Hugo; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Recommendation for IDS reporting tools?

...


> Has anybody tried Aanval? Any testimonial? Thanks in advance!

Tried it, didn't like it; not as functional as ACID/BASE, and, IIRC, it 
won't work with unified logging (which is a show-stopper for a production 
NIDS, IMHO).

> Hugo

Best Regards,
Alex.
-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9






