Snort mailing list archives

Re: Real time alerting with multiple sensors


From: "Tony Scalzitti" <tony () scalzitti org>
Date: Wed, 13 Feb 2002 17:56:16 -0500

I had a similar issue.  I used mysql (it's faster and all those sensors can't
wait).  I wrote a small Win32 front-end to the snort database in VB 6.  It
checks the database every 1-10 minutes for new alerts and shows them to me;
it also writes an HTML file in its working directory that I have as an active
desktop item.  If you are on a *nix workstation you could go with syslog-ng
and just run a tail -f (as I do for my PIX logs).

The tool SnortFE is on my web site if you want to take a look; it has a few
other features as well.

http://security.scalzitti.org

-T
----- Original Message -----
From: "Federico" <egopfe () hotmail com>
To: <Snort-users () lists sourceforge net>
Cc: "lorenzo" <lorenzo () muug it>
Sent: Wednesday, February 13, 2002 4:07 AM
Subject: [Snort-users] Real time alerting with multiple sensors


I have this problem, and this doubt about how to resolve it...
Which is the best choice to get real-time feedback in my scenario?
Please tell me which is the best choice.

The Scenario

+ About 10 sensors in a routed MAN.
+ Need to log to PostgreSQL for historical purposes.
+ Need to have real-time feedback.

Naturally I want to concentrate logs on one server, and not keep them
distributed.


Solutions for real time feedback:

1) SNMP traps to a central server, with snmptrapd scripted to send alerts by
e-mail
(does anyone know of a program to attach to snmptrapd?)
2) syslog-ng from all sensors to a central server, with incident.pl run by
crond every 5 seconds and alerting by e-mail.

Which is the best solution?
Does anyone have other solutions and/or programs that can help me?

thanks in advance.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

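Tony's approach above (poll the central Snort database for alerts that arrived since the last check and write them out as an HTML page) can be shown in a few lines. The block below is an added example written for this archive page; it is not SnortFE and not code from either poster. It assumes a simplified subset of the Snort database schema (`sensor`, `event`, `signature`, `iphdr` tables, IPv4 addresses stored as unsigned 32-bit integers, and `(sid, cid)` as the event key) and uses an in-memory SQLite database filled with constructed sample rows so that it runs offline; against a real MySQL or PostgreSQL backend only the connection line would change. The point it adds for a multi-sensor setup is that the "last seen" high-water mark has to be kept per sensor `sid`, because every sensor numbers its own `cid` counter independently, and that anything pulled from the database must be HTML-escaped before it lands in a page that a desktop renders.

```python
"""Poll a Snort alert database for new events and render them as HTML.

Added example (not SnortFE): keeps one high-water mark (cid) per sensor
(sid), because in the Snort database schema (sid, cid) is the composite
event key and each sensor numbers its own events independently.
"""
import html
import ipaddress
import sqlite3

# Assumption: a simplified subset of the Snort/ACID schema, only the
# columns this poller needs.
SCHEMA = """
CREATE TABLE sensor    (sid INTEGER PRIMARY KEY, hostname TEXT, interface TEXT);
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT, sig_priority INTEGER);
CREATE TABLE event     (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT,
                        PRIMARY KEY (sid, cid));
CREATE TABLE iphdr     (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER,
                        PRIMARY KEY (sid, cid));
"""


def ip2int(addr):
    """Snort stores IPv4 addresses as unsigned 32-bit integers."""
    return int(ipaddress.IPv4Address(addr))


def int2ip(value):
    return "?" if value is None else str(ipaddress.IPv4Address(value))


def open_sample_db():
    """In-memory database holding constructed sample alerts from two sensors."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO sensor VALUES (?,?,?)",
                     [(1, "sensor-a", "eth0"), (2, "sensor-b", "eth0")])
    conn.executemany("INSERT INTO signature VALUES (?,?,?)", [
        (1, "ICMP PING NMAP", 2), (2, "WEB-IIS cmd.exe access", 1),
        (3, "TEST <b>not bold</b>", 3)])       # hostile-looking name to exercise escaping
    conn.executemany("INSERT INTO event VALUES (?,?,?,?)", [
        (1, 1, 1, "2002-02-13 09:00:01"), (1, 2, 2, "2002-02-13 09:00:05"),
        (2, 1, 1, "2002-02-13 09:00:03"), (2, 2, 3, "2002-02-13 09:01:10")])
    conn.executemany("INSERT INTO iphdr VALUES (?,?,?,?)", [
        (1, 1, ip2int("10.0.0.5"), ip2int("192.168.1.10")),
        (1, 2, ip2int("10.0.0.5"), ip2int("192.168.1.80")),
        (2, 1, ip2int("10.0.0.9"), ip2int("192.168.2.10")),
        (2, 2, ip2int("10.0.0.9"), ip2int("192.168.2.80"))])
    conn.commit()
    return conn


QUERY = """
SELECT e.sid, e.cid, e.timestamp, n.hostname, s.sig_name, s.sig_priority, i.ip_src, i.ip_dst
FROM event e
JOIN sensor n     ON n.sid = e.sid
JOIN signature s  ON s.sig_id = e.signature
LEFT JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
WHERE e.sid = ? AND e.cid > ?
ORDER BY e.cid
"""


def poll_once(conn, watermarks):
    """Return (new_alerts, updated_watermarks).

    watermarks maps sid -> highest cid already reported for that sensor;
    a sensor not yet in the map starts at 0, so a newly added sensor is
    picked up on the next poll without any configuration change.
    """
    new_marks = dict(watermarks)
    alerts = []
    for (sid,) in conn.execute("SELECT sid FROM sensor ORDER BY sid"):
        last = new_marks.get(sid, 0)
        for sid, cid, ts, host, name, prio, src, dst in conn.execute(QUERY, (sid, last)):
            alerts.append({"sid": sid, "cid": cid, "time": ts, "sensor": host,
                           "sig": name, "priority": prio,
                           "src": int2ip(src), "dst": int2ip(dst)})
            last = max(last, cid)
        new_marks[sid] = last
    return alerts, new_marks


def render_html(alerts):
    """HTML table of alerts; every database value is escaped so that a
    string an attacker could influence cannot inject markup into the page."""
    cols = ("time", "sensor", "priority", "sig", "src", "dst")
    rows = "".join(
        "<tr>" + "".join("<td>%s</td>" % html.escape(str(a[c])) for c in cols) + "</tr>\n"
        for a in alerts)
    return ('<html><body><h1>New Snort alerts</h1><table border="1">\n'
            "<tr><th>Time</th><th>Sensor</th><th>Prio</th><th>Signature</th>"
            "<th>Source</th><th>Destination</th></tr>\n" + rows + "</table></body></html>\n")


if __name__ == "__main__":
    db = open_sample_db()
    new, marks = poll_once(db, {})
    with open("snort-alerts.html", "w") as fh:
        fh.write(render_html(new))
    print("%d new alert(s); watermarks now %r" % (len(new), marks))
```

To run it as a real poller, call `poll_once` in a loop with a sleep of the chosen interval and persist the returned watermark map between runs; a single global "max cid" would silently drop events from any sensor whose counter is behind another's.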