[Snort-users] FW: Hello test

Tony Reusser treusser at ...15879...
Mon Oct 15 10:40:48 EDT 2012


Follow up...

Just to make sure you are clear...

It seems you are in the same position I was in a few months ago.  If
you/your company can afford the very excellent SANS SEC503 class, I highly
recommend it.  I didn't mean to offer a "no help" simplistic answer.

But in my experience setting up a functioning NIDS system using open-source
tools like CentOS and Snort is a very good economical decision.  But coming
from someone with no prior experience with IDSs in general, and a fairly
good grasp of Linux admin (i.e. NOT a programmer/developer), setting up my
system wasn't exactly a trivial exercise.  But I struggled and with the
assistance of mail lists like this and all the available documentation, I
did it.  You can too.

To summarize, if you want to use a tool like BASE, you need a few other
things first.

First of all, follow the requirements on the snort website:

http://www.snort.org/start/requirements

The Barnyard2 piece is critical.

Then you will need MySQL for the database part.  Barnyard takes the
'unified' output from Snort and populates the database.  Then a PHP web tool
like BASE reads the database and presents a basic, but useful management and
analysis interface.

Here is a link to a document that was immensely helpful to me.  I had
trouble getting the 'ntop' tool to work, but I really didn't need it and I
don't miss it.

http://www.internetsecurityguru.com/documents/Snort_Base_Barnyard_CentOS_5.pdf

Others in this mail list have been very helpful to me as I learn this stuff.
I thought I'd return the favor.

Have fun snorting!

	-Tony Reusser
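
The step described in the message above (Barnyard reads Snort's 'unified' output and populates the database), shown as an added example that is not part of the original post and is not Barnyard2's own code. It assumes the unified2 spool format with the legacy IPv4 event record; SQLite stands in for MySQL, and the table layout, function names and sample bytes are constructed for illustration.

```python
import sqlite3
import struct
from ipaddress import IPv4Address

# Unified2 record header: type and length, both 32-bit big-endian.
HEADER = struct.Struct(">II")
# Legacy IPv4 IDS event body (record type 7): 52 bytes, network byte order.
IDS_EVENT = struct.Struct(">11I2H4B")
TYPE_IDS_EVENT = 7

def parse_events(spool: bytes):
    """Yield one dict per IPv4 IDS event; skip other record types (e.g. packets)."""
    off = 0
    while off + HEADER.size <= len(spool):
        rtype, rlen = HEADER.unpack_from(spool, off)
        body = spool[off + HEADER.size: off + HEADER.size + rlen]
        if len(body) < rlen:
            break  # truncated record: Snort is still writing it
        off += HEADER.size + rlen
        if rtype != TYPE_IDS_EVENT or rlen < IDS_EVENT.size:
            continue
        f = IDS_EVENT.unpack_from(body)
        yield {"event_id": f[1], "ts": f[2], "sid": f[4], "gid": f[5], "rev": f[6],
               "priority": f[8], "src": str(IPv4Address(f[9])),
               "dst": str(IPv4Address(f[10])), "sport": f[11], "dport": f[12],
               "proto": f[13]}

def load(spool: bytes, db: sqlite3.Connection) -> int:
    """Insert events into a simplified table (assumed; not Barnyard2's schema)."""
    db.execute("CREATE TABLE IF NOT EXISTS event (event_id, ts, gid, sid, rev,"
               " priority, src, sport, dst, dport, proto)")
    rows = list(parse_events(spool))
    db.executemany("INSERT INTO event VALUES (:event_id, :ts, :gid, :sid, :rev,"
                   " :priority, :src, :sport, :dst, :dport, :proto)", rows)
    return len(rows)

def record(rtype: int, body: bytes) -> bytes:
    return HEADER.pack(rtype, len(body)) + body

# Constructed sample spool: one event, one non-event record, one truncated record.
SAMPLE_EVENT = IDS_EVENT.pack(
    1, 42, 1350312048, 0, 1000001, 1, 1, 0, 2,
    int(IPv4Address("192.0.2.10")), int(IPv4Address("198.51.100.5")),
    51515, 80, 6, 0, 0, 0)
SAMPLE_SPOOL = (record(TYPE_IDS_EVENT, SAMPLE_EVENT) + record(2, b"\x00" * 16)
                + HEADER.pack(TYPE_IDS_EVENT, 52) + b"\x00" * 10)

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    print(load(SAMPLE_SPOOL, conn), "event(s) loaded")
```

A web front end such as BASE then only needs to query the resulting table; it never reads the spool file itself.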



-----Original Message-----
From: kevin zhang [mailto:kevin35zhang at ...11827...] 
Sent: Monday, October 15, 2012 12:29 AM
To: Joel Esler
Cc: snort-users
Subject: Re: [Snort-users] Hello test

Hello all,

I will install a Snort system in my company. I have used VirtualBox to test it
successfully in sniffer mode.

But we need to run it in IDS mode. I don't know how to configure it. I
searched for a solution using Google but found no result. Can you give me a little
hyperlink?
I need a graphical website monitor.
Please tell me how to study it.
Thanks very much

OS:CentOS 6.3 x64
Snort:2.9.3.1


2012/10/12, Joel Esler <jesler at ...1935...>:
> It works.
>
> On Oct 12, 2012, at 3:05 AM, kevin zhang <kevin35zhang at ...11827...> wrote:
>
>> Hello boys and girls,
>> I am Kevin, newcomer. Test
>>
>>
>>
>> --
>> Best wishes
>> Kevin Zhang
>>
>> ------------------------------------------------------------------------------
>> Don't let slow site performance ruin your business. Deploy
>> New Relic APM Deploy New Relic app performance management and know 
>> exactly what is happening inside your Ruby, Python, PHP, Java, and 
>> .NET app Try New Relic at no cost today and get our sweet Data Nerd 
>> shirt too!
>> http://p.sf.net/sfu/newrelic-dev2dev
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest 
>> Snort news!
>
>


--
Best wishes
Kevin Zhang
