[Snort-users] Where's Waldo?

Michael Steele michaels at ...9077...
Thu Oct 11 18:05:01 EDT 2012


BASE is a great place to start out. Maybe when you get everything working
properly then make the switch.

BASE is a viable option, it may not have a developer behind it right now,
but it's viable as a snort console.

Michael...

-----Original Message-----
From: AllowOverride [mailto:allowoverride at ...11827...] 
Sent: Thursday, October 11, 2012 5:38 PM
To: Peter Bates
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Where's Waldo?

I'm looking into Snorby, since BASE is dead... thanks

On Thu, 2012-10-11 at 20:58 +0100, Peter Bates wrote:
> 
> Hello all
> 
> On 11/10/2012 20:29, AllowOverride wrote:
> > Just a test: I will clear tables, and close browser, come back in 1 
> > hour increments, and see if that is the issue. It takes an hour to 
> > input new data after BASE clear table buttons have cleared. I 
> > assume there is a switch in the configs to make it quicker.
> 
> I've never personally looked for the option to clear tables in BASE 
> but I can say I use a script called archivesnort.pl which moves alerts 
> after 7 days to the archive DB and deletes them after 30.
> 
> If that is available with BASE I'd suggest you try that - i.e. 
> modifying the database outside of the web interface - if you can't 
> find it I can post it to the ML.
> 
> That's what we do and I've never seen the problem you're describing.
> 
> Alternatively, why not look at Snorby as a WUI - that has an inbuilt 
> option to trim(*) the database after a fixed number of events.
> 
> * - by trim I mean 'delete oldest events but not the entire contents 
> of the table' - I can't think of a better word.
> 
> --
> Peter Bates
> Senior Computer Security Officer    Phone: +44(0)2076792049
> Information Services Division	    Internal Ext: 32049
> University College London
> London WC1E 6BT
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

