[Snort-users] There appears to be a bug in Base-1.4.5

Jeremy Hoel jthoel at ...11827...
Tue Oct 9 21:37:40 EDT 2012


Security Onion isn't a program as much as it is a distribution of
linux/snort/snorby/sguil/bro/elsa/<a few other things>.  It has all
the consoles in it and you can try and use what you want.  It's a
liveCD (or installable) instant IDS.  It is not a single console.

People use snorby, base, sguil, bro, splunk, syslog servers, all sorts
of things.. they use what they find that works.  Each person has a
different flow of how they handle events and what they want to see
with an event.. so there are many tools to suit many needs.

On Tue, Oct 9, 2012 at 7:09 PM, AllowOverride <allowoverride at ...11827...> wrote:
> what is the new way of browsing to pretty formatted data now?
> securityonion? you are simply grepping/viewing flat files or u2spewfoo
> or what, how are you alerting others? mail -s to? what? thanks!
>
> On Tue, 2012-10-09 at 17:59 -0400, Joel Esler wrote:
>> On Oct 9, 2012, at 4:22 PM, "Castle, Shane"
>> <scastle at ...14946...> wrote:
>>
>> > (Removed snort-team from CC list - they have zero interest in BASE
>> > and this is just noise to them.)
>>
>> It's not that we have zero interest.  We have nothing to add.  You're
>> right.  BASE is pretty much dead.  When I left the project in 05, it
>> continued on for a year or so with minor updates, and the last I heard
>> it was going to get a complete recode with a new DB schema, and GUI
>> clients (that was the direction that I wanted it to go when I was the
>> project manager at least, and I think that train of thought was
>> continuing).
>>
>>
>> I don't use any GUI right now (alert files and pcaps when analyzing my
>> own network).
>>
>>
>> --
>> Joel Esler
>> Senior Research Engineer, VRT
>> OpenSource Community Manager
>> Sourcefire