[Snort-users] Barnyard2

Mike Michalak mike at ...17066...
Mon Jan 19 02:46:22 EST 2015


Ah ok, I didn't know Snorby was older.

So sguil is installed as a client then you connect to your server?

Regards,

Mike Michalak
M +219.921.9619
O +708.320.8643
Trail 9 | trail9.com




On Mon, Jan 19, 2015 at 8:38 AM, Jeremy Hoel <jthoel at ...11827...> wrote:

> I have used Snorby a lot.  It's a modern web interface, unlike Base, and
> it is pretty easy to use and work with.  Some of the downsides are it
> hasn't been updated in a bit and it uses Ruby on Rails and that seems to
> make life hard for some people.  Multiple sensors are nice, the interface
> is quick to use and it doesn't get upset as fast as sguil when there are
> lots and lots and lots of uncategorized alerts.
>
> On Mon, Jan 19, 2015 at 12:33 AM, Mike Michalak <mike at ...17066...> wrote:
>
>> Thank you for the update.
>>
>> What are your thoughts on Snorby?
>>
>> Regards,
>>
>> Mike Michalak
>> M +219.921.9619
>> O +708.320.8643
>> Trail 9 | trail9.com
>>
>>
>>
>>
>> On Mon, Jan 19, 2015 at 8:22 AM, Jeremy Hoel <jthoel at ...11827...> wrote:
>>
>>> To use most web-based tools you need to send the data from unified2 to a
>>> MySQL... you use barnyard2 for that.  If you want to use CLI you can use
>>> some tools to explore unified2 files, or you can use a SIEM tool that can
>>> get the data via syslog or something.  You could also use sguil and it has
>>> a whole other set of tools.
>>>
>>> So really, it depends on how you want to view your data.
>>>
>>> You might check out Security Onion as it has a few of these and can give
>>> you some options.
>>>
>>> On Sat, Jan 17, 2015 at 1:30 AM, Mike Michalak <mike at ...17066...> wrote:
>>>
>>>> Ah ok, that is a good question.  I'm not quite sure, any suggestions?
>>>>
>>>> Regards,
>>>>
>>>> Mike Michalak
>>>> M +219.921.9619
>>>> O +708.320.8643
>>>> Trail 9 | trail9.com
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Jan 16, 2015 at 6:21 PM, Shirkdog <shirkdog at ...11827...> wrote:
>>>>
>>>>> How do you plan on viewing alert data?
>>>>>
>>>>> Once you answer that question, you can look at how barnyard2 will help
>>>>> you.
>>>>>
>>>>> ---
>>>>> Michael Shirk
>>>>>
>>>>>
>>>>> On Fri, Jan 16, 2015 at 9:29 AM, Mike Michalak <mike at ...17066...>
>>>>> wrote:
>>>>> >
>>>>> > I have installed Snort and I am in the testing phase.
>>>>> >
>>>>> > What are your thoughts on using Barnyard2 with snort?  Is it worth
>>>>> > it or not needed.
>>>>> >
>>>>> > I am running snort on a CentOS 6.5 box.
>>>>> >
>>>>> > Regards,
>>>>> >
>>>>> > Mike
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> ------------------------------------------------------------------------------
>>>>> > New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
>>>>> > GigeNET is offering a free month of service with a new server in
>>>>> Ashburn.
>>>>> > Choose from 2 high performing configs, both with 100TB of bandwidth.
>>>>> > Higher redundancy.Lower latency.Increased capacity.Completely
>>>>> compliant.
>>>>> > http://p.sf.net/sfu/gigenet
>>>>> > _______________________________________________
>>>>> > Snort-users mailing list
>>>>> > Snort-users at lists.sourceforge.net
>>>>> > Go to this URL to change user options or unsubscribe:
>>>>> > https://lists.sourceforge.net/lists/listinfo/snort-users
>>>>> > Snort-users list archive:
>>>>> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>>> >
>>>>> > Please visit http://blog.snort.org to stay current on all the
>>>>> latest Snort
>>>>> > news!
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>