[Snort-users] snort web interface

Lay, James james.lay at ...15009...
Wed Aug 24 11:46:47 EDT 2011

> -----Original Message-----
> From: Paul Halliday [mailto:paul.halliday at ...11827...]
> Sent: Wednesday, August 24, 2011 9:39 AM
> To: Joel Esler
> Cc: Snort Users; Randal T. Rioux
> Subject: Re: [Snort-users] snort web interface
> On Wed, Aug 24, 2011 at 11:42 AM, Joel Esler <jesler at ...1935...>
> > Responding to my own email:
> >
> > If anyone wants to take this task on (side by side comparison of GUI
> tools), we'll put it up on Snort.org and I'll give you free stuff!
> >
> I nice complement to this would be a survey for the community:
> What would you like your interface to do? (in general, open ended
> Features, Reports, Niceties, etc. expand on this of course.
> While feature requests are great, the requests always tend to be
> contrived because they are in within the context of a specific project
> and/or developers personal goals.
> What do people want?
> Using the 'delete events' as an example. This would have never
occurred to
> me. I have over 300,000,000 events for the past 2 years and I would
hate to
> lose any of that data. It is so rare that I need to delete an event
from the
> db that I don't mind striking it from the CLI.
> I have been trying to put a survey together but just haven't had the
> cycles, I think the results from a survey like this data would
> greatly to all projects out there.
> --
> Paul Halliday
> http://www.squertproject.org/

Good point Paul.  Something to consider is the target audience...for me,
tailing the fast file and tsharking the pcap file is great for realtime
incidents, and snortalog worked ok for trending.  But that's
me....Executives clearly wanted something much more pretty...which is
why I started down the road of a GUI in the first place.


More information about the Snort-users mailing list