[Snort-users] Barnyard2

Mike Michalak mike at ...17066...
Mon Jan 19 03:29:43 EST 2015


Interesting.  Thank you for the information.  It is very helpful.

Regards,

Mike Michalak
M +219.921.9619
O +708.320.8643
Trail 9 | trail9.com




On Mon, Jan 19, 2015 at 9:25 AM, Jeremy Hoel <jthoel at ...11827...> wrote:

> Well "older" is an odd phrase. It's probably the newest web GUI that's not
> based on sguil. Base is older than snorby, based on PHP alone and is easy
> to get set up and working but isn't as feature rich as snorby.  Sguil is its
> own creature. It doesn't use barnyard2 and instead has its own agents to
> read data and send to its own db. Very different. Older, but recently
> updated. It has a web interface called squert.
> On Jan 19, 2015 12:46 AM, "Mike Michalak" <mike at ...17066...> wrote:
>
>> Ah ok, I didn't know Snorby was older.
>>
>> So sguil is installed as a client then you connect to your server?
>>
>> Regards,
>>
>> Mike Michalak
>> M +219.921.9619
>> O +708.320.8643
>> Trail 9 | trail9.com
>>
>>
>>
>>
>> On Mon, Jan 19, 2015 at 8:38 AM, Jeremy Hoel <jthoel at ...11827...> wrote:
>>
>>> I have used Snorby a lot.  It's a modern web interface, unlike Base, and
>>> it is pretty easy to use and work with.  Some of the downsides are it
>>> hasn't been updated in a bit and it uses Ruby on Rails and that seems to
>>> make life hard for some people.  Multiple sensors are nice, the interface
>>> is quick to use and it doesn't get upset as fast as sguil when there are
>>> lots and lots and lots of uncategorized alerts.
>>>
>>> On Mon, Jan 19, 2015 at 12:33 AM, Mike Michalak <mike at ...17066...> wrote:
>>>
>>>> Thank you for the update.
>>>>
>>>> What are your thoughts on Snorby?
>>>>
>>>> Regards,
>>>>
>>>> Mike Michalak
>>>> M +219.921.9619
>>>> O +708.320.8643
>>>> Trail 9 | trail9.com
>>>>
>>>>
>>>>
>>>>
>>>> On Mon, Jan 19, 2015 at 8:22 AM, Jeremy Hoel <jthoel at ...11827...> wrote:
>>>>
>>>>> To use most web based tools you need to send the data from unified2 to
>>>>> a MySQL.. you use barnyard2 for that.  If you want to use the CLI you can use
>>>>> some tools to explore unified2 files, or you can use a SIEM tool that can
>>>>> get the data via syslog or something.  You could also use sguil and it has
>>>>> a whole other set of tools.
>>>>>
>>>>> So really, it depends on how you want to view your data.
>>>>>
>>>>> You might check out Security Onion as it has a few of these and can
>>>>> give you some options.
>>>>>
>>>>> On Sat, Jan 17, 2015 at 1:30 AM, Mike Michalak <mike at ...17066...>
>>>>> wrote:
>>>>>
>>>>>> Ah ok, that is a good question.  I'm not quite sure, any suggestions?
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Mike Michalak
>>>>>> M +219.921.9619
>>>>>> O +708.320.8643
>>>>>> Trail 9 | trail9.com
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Jan 16, 2015 at 6:21 PM, Shirkdog <shirkdog at ...11827...> wrote:
>>>>>>
>>>>>>> How do you plan on viewing alert data?
>>>>>>>
>>>>>>> Once you answer that question, you can look at how barnyard2 will
>>>>>>> help you.
>>>>>>>
>>>>>>> ---
>>>>>>> Michael Shirk
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Jan 16, 2015 at 9:29 AM, Mike Michalak <mike at ...17066...>
>>>>>>> wrote:
>>>>>>> >
>>>>>>> > I have installed Snort and I am in the testing phase.
>>>>>>> >
>>>>>>> > What are your thoughts on using Barnyard2 with snort?  Is it worth
>>>>>>> > it or not needed?
>>>>>>> >
>>>>>>> > I am running snort on a CentOS 6.5 box.
>>>>>>> >
>>>>>>> > Regards,
>>>>>>> >
>>>>>>> > Mike
>>>>>>> >
>>>>>>> >
>>>>>>> >
>>>>>>> >
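The unified2 -> barnyard2 -> database flow described in the thread is also what a CLI tool has to deal with when it explores unified2 files directly. As an added example (not from the thread, and not barnyard2's own code), a small Python reader that walks the unified2 record framing (a network-order type/length header per record), decodes the legacy IPv4 IDS event and the packet record, and stops cleanly at a truncated trailing record, the situation a log tailer meets while Snort is still writing. The sample byte stream is constructed inline; the field layouts follow the Unified2IDSEvent_legacy and Serial_Unified2Packet structures in Snort's Unified2_common.h.

```python
import struct

# Unified2 record types (values from Snort's Unified2_common.h)
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7  # legacy IPv4 event, 52-byte body

RECORD_HDR = struct.Struct("!II")      # record type, record length (network byte order)
IDS_EVENT = struct.Struct("!11I2H4B")  # Unified2IDSEvent_legacy: 52 bytes
PACKET_HDR = struct.Struct("!7I")      # Serial_Unified2Packet fields before packet_data

def parse_unified2(data: bytes) -> list:
    """Walk a unified2 byte stream and return decoded records; stops cleanly on a
    truncated trailing record, which is normal while Snort is still appending."""
    records, off = [], 0
    while off + RECORD_HDR.size <= len(data):
        rtype, rlen = RECORD_HDR.unpack_from(data, off)
        body = data[off + RECORD_HDR.size: off + RECORD_HDR.size + rlen]
        if len(body) < rlen:
            break  # partial record: a tailer like barnyard2 waits for the rest
        if rtype == UNIFIED2_IDS_EVENT and rlen == IDS_EVENT.size:
            f = IDS_EVENT.unpack(body)
            records.append({
                "type": "event", "sensor_id": f[0], "event_id": f[1],
                "event_second": f[2], "gid": f[5], "sid": f[4], "rev": f[6],
                "priority": f[8],
                "src": ".".join(str(b) for b in f[9].to_bytes(4, "big")),
                "dst": ".".join(str(b) for b in f[10].to_bytes(4, "big")),
                "sport": f[11], "dport": f[12], "proto": f[13], "blocked": f[16],
            })
        elif rtype == UNIFIED2_PACKET and rlen >= PACKET_HDR.size:
            p = PACKET_HDR.unpack_from(body)
            records.append({"type": "packet", "event_id": p[1], "linktype": p[5],
                            "packet_length": p[6],
                            "payload": body[PACKET_HDR.size:PACKET_HDR.size + p[6]]})
        else:  # IPv6, VLAN and extra-data records: keep the framing, skip decoding
            records.append({"type": "unknown", "record_type": rtype, "length": rlen})
        off += RECORD_HDR.size + rlen
    return records

def build_sample() -> bytes:
    """Constructed sample stream: one IPv4 event, its packet, one truncated record."""
    ev = IDS_EVENT.pack(1, 42, 1421659200, 0, 1000001, 1, 3, 0, 2,
                        int.from_bytes(bytes([10, 0, 0, 5]), "big"),
                        int.from_bytes(bytes([192, 0, 2, 80]), "big"),
                        51515, 80, 6, 0, 0, 0)
    payload = b"GET / HTTP/1.1\r\n"
    pk = PACKET_HDR.pack(1, 42, 1421659200, 1421659200, 0, 1, len(payload)) + payload
    stream = RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(ev)) + ev
    stream += RECORD_HDR.pack(UNIFIED2_PACKET, len(pk)) + pk
    return stream + RECORD_HDR.pack(UNIFIED2_IDS_EVENT, 52) + b"\x00" * 10  # cut short
```

The packet record is tied back to its event through the shared sensor_id/event_id pair, which is how barnyard2 joins the two when it writes to the database.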