[Snort-users] what is the latest IDS management tool ?

Marcio Guerreiro marcio.guerreiro at ...16117...
Fri May 29 06:16:14 EDT 2015


Hi everyone

 

I am looking for the latest SNORT IDS management tool to send alerts via
email, display graphical interface, etc.

 

I have been reading a lot of books that mention  Snort SAM, Snortfw,
guardian, EasyIDS, ELSA, IDScenter, however it seems that those tools are 5
to 10 years old.

 

I would like to know what is the latest and updated management tool that is
being used to send email alerts and as management console in the market.

 

Thank you very much in advance.

 

Marcio Guerreiro

 

 

 

 

From: Robert Lasota [mailto:wrkilu at ...3879...] 
Sent: 29 May 2015 08:51
To: snort-users
Subject: [Snort-users] PulledPork stopped updating and starts duplicate

 

Hi,


Did somebody meet with such strange case ? I mean, I had working Pulledpork,
then I changed someting (but even I don't know what because I turned out
later about that), and now duting run it doesn't display what it
update/change in rules and laso it start diplicate rules! After every next
run I get in rules directory thse same files with rules but with added the
same rules as later :(

 

./pulledpork.pl -P -k -I security -c etc/pulledpork.conf

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.0 - Swine Flu!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
  @_/        /  66\_  cummingsj at ...11827...
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
        They Match
        Done!
Prepping rules from snortrules-snapshot-2962.tar.gz for work....
        Done!
Reading rules...
Reading rules...
Activating security rulesets....
        Done
Modifying Sids....
        Done!
Processing /tmp/pulledpork-0.7.0/etc/enablesid.conf....
        Modified 0 rules
        Done
Processing /tmp/pulledpork-0.7.0/etc/dropsid.conf....
        Modified 0 rules
        Done
Processing /tmp/pulledpork-0.7.0/etc/disablesid.conf....
        Modified 0 rules
        Done
Setting Flowbit State....
        Enabled 777 flowbits
        Enabled 25 flowbits
        Enabled 4 flowbits
        Enabled 2 flowbits
        Done
Writing rules to unique destination files....
        Writing rules to /tmp/rules/
        Done
Generating sid-msg.map....
        Done
Writing v1 /tmp/sid-msg.map....
        Done
Fly Piggy Fly!
[root at ...17180... pulledpork-0.7.0]

 

What is going on ?

Robert

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150529/41df60b9/attachment.html>


More information about the Snort-users mailing list