Snort mailing list archives
Re: snort and tools overview
From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
Date: Mon, 23 Aug 2004 12:31:16 +0100
--On 20 August 2004 12:10 +0200 Thomas Zauner <Thomas_Zauner () bayern-mail de> wrote:
updated snort-tools-diagram today http://62.245.250.125/snort.png
mudpit <http://fidelissecurity.com/techtalk/mudpit.asp> and FLoP <http://www.geschke-online.de/FLoP/> are alternatives to barnyard with different advantages and disadvantages. I've been using mudpit until now, but plan to use FLoP in my next deployment. FLoP can log entire sessions with the corresponding alert(s) in the SQL database for later extraction (requires a modified schema and a tool included in the FLoP distribution).
Snortcenter2 can be found at <http://sourceforge.net/projects/snortcenter2/>. I recommend using the snortcenter-console-patch branch of the CVS tree for 2.0.6 and newer versions of Snort. Attempting to use older versions of snortcenter will result in damaged rules.
OSSIM <http://www.ossim.net> integrates alerts from Snort with those from other tools including p0f and ntop and probably deserves a mention. The OSSIM snort src.rpm includes an updated version of the SPADE patch which appears to work with Snort 2.2.0.
HTH,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing
GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9