Snort mailing list archives
Re: Snort Summary Web Pages
From: Bryan Swann <swann () spawar navy mil>
Date: Fri, 09 Nov 2007 17:11:38 -0500
IMO, BASE isn't a very useful product for IDS monitoring, though I'm sure others may disagree. It doesn't provide a real-time view of the alerts, which is what most people want. I've never tried Sguil, but it is supposed to provide that function.
I use the commercial product Aanval and it runs circles around BASE. It's pretty cheap too. It has real-time monitoring support and can create nice reports on data returned by a query. I just got the most recent version and it has support for PDF reports too.
As far as reporting goes, I wish there were some decent comparisons between the tools. Don't use snort report, it queries all of the data to generate a report every time you access it. With only a moderate alert load, the tool takes forever. I like snortsnarf and snortalog. Though I would like to hear what others are using.
I am moving to use barnyard, but found that few reporting tools can use the unified logging format. Barnyard can create something similar to a fast alert output, but the format is slightly different. I plan on trying to write a script to parse the barnyard output so I can still use snortsnarf and snortalog. I would love to know what other tools people are using to create a daily report.
Michael Merrell wrote:
Hi! I hope I'm doing this right and that I get some helpful responses. I've recently installed Snort and BASE on a Fedora Core 7 machine. I've secured the main page with a password following the instructions found on the Snort Documents page.
However, while I'd like to keep the main page secure, I'd also like to post a real-time summary (just the number of alerts and traffic by protocol stuff) on a second web page that would not be secured. I'd like it set up so that anyone could view this summary but following the links would require a password.
I've been reading through documentation online without much success and I was hoping someone might be able to offer me some help. I'd appreciate any suggestions and advice! Thank you!
- Michael M.
--
Bryan Swann (swann () spawar navy mil) 843/218-4749
SPAWAR Systems Center Charleston
The difference between genius and stupidity is that genius has its limits. - Einstein
Attachment: swann.vcf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
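Two things in this thread call for the same small piece of code: Bryan's plan to convert Barnyard's fast-style output into the shape the Snort-specific report tools expect, and Michael's request for an unauthenticated summary page that shows only alert counts and traffic by protocol while the detail pages stay behind a password. The script below is an added example, not code from either poster and not part of Snort, Barnyard, BASE, SnortSnarf or SnortALog. It parses fast-alert lines, re-emits them in Snort's own alert_fast layout, and builds an aggregate-only HTML summary. The sample alert lines are constructed; the exact way Barnyard's output differs from Snort's (here assumed to be a missing microsecond part and an optional Classification field) is an assumption, as is the `/base/` path used for the protected link. The security point it makes explicit: the public page must carry counts only, and the check at the end refuses to publish if any IP address, SID or rule message from the alerts leaks into it. Protecting the detail pages themselves remains the web server's job (Apache authentication on the BASE path), not this script's.

```python
#!/usr/bin/env python3
"""Parse Snort/Barnyard "fast" alert lines, re-emit them in Snort's own
alert_fast layout, and build an aggregate-only summary for a public page.
Added example for this thread; the sample alerts below are constructed."""
import re
import sys
from collections import Counter
from html import escape

# Constructed sample. Lines 1-2 are in Snort's alert_fast shape (microsecond
# timestamps, Classification present); lines 3-4 drop the microseconds and,
# in one case, the Classification field. That variation is an ASSUMPTION about
# how a Barnyard-style fast line may differ; the thread does not spell it out.
SAMPLE_ALERTS = """\
11/09-17:11:38.123456  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.0.0.5:1434 -> 192.168.1.20:1434
11/09-17:12:01.000010  [**] [1:1000001:1] LOCAL ssh scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.9:50112 -> 192.168.1.10:22
11/09-17:12:05  [**] [1:1000001:1] LOCAL ssh scan [**] [Priority: 2] {TCP} 10.0.0.9:50113 -> 192.168.1.10:22
11/09-17:13:44  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.7 -> 192.168.1.10
this line is not an alert and is skipped
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2})(?:\.(?P<usec>\d{1,6}))?\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<pri>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    rf"(?P<src>{IPV4})(?::(?P<sport>\d+))?\s+->\s+"
    rf"(?P<dst>{IPV4})(?::(?P<dport>\d+))?\s*$"
)


def parse_fast_alert(line):
    """Return a dict for one fast-alert line, or None if it does not parse."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    a["pri"] = int(a["pri"])
    return a


def parse_fast_alerts(text):
    """Parse a whole file's worth of lines, skipping anything that is not an alert."""
    return [a for a in (parse_fast_alert(ln) for ln in text.splitlines()) if a]


def to_snort_fast(a):
    """Re-emit one alert in Snort's alert_fast layout: six-digit microseconds
    always present (zero-filled when the input lacked them), Classification
    kept when it was there, port suffixes only where the input had them."""
    usec = (a["usec"] or "").ljust(6, "0")
    src = a["src"] + (f":{a['sport']}" if a["sport"] else "")
    dst = a["dst"] + (f":{a['dport']}" if a["dport"] else "")
    cls = f"[Classification: {a['cls']}] " if a["cls"] is not None else ""
    return (f"{a['ts']}.{usec}  [**] [{a['gid']}:{a['sid']}:{a['rev']}] {a['msg']} [**] "
            f"{cls}[Priority: {a['pri']}] {{{a['proto']}}} {src} -> {dst}")


def summarize(alerts):
    """Aggregate counts only: nothing here names a host, a rule or a source,
    so the result is safe to show without authentication."""
    return {
        "total": len(alerts),
        "by_proto": dict(Counter(a["proto"] for a in alerts)),
        "by_priority": dict(Counter(a["pri"] for a in alerts)),
    }


def render_public_summary(summary, detail_url="/base/"):
    """HTML for the unauthenticated page. detail_url (assumed path of the
    password-protected BASE install) is the only link out; the web server,
    not this page, is what enforces the password on that path."""
    proto_rows = "".join(f"<tr><td>{escape(p)}</td><td>{n}</td></tr>"
                         for p, n in sorted(summary["by_proto"].items()))
    pri_rows = "".join(f"<tr><td>{p}</td><td>{n}</td></tr>"
                       for p, n in sorted(summary["by_priority"].items()))
    return ("<html><body><h1>Snort alert summary</h1>"
            f"<p>Total alerts: {summary['total']}</p>"
            f"<table><tr><th>Protocol</th><th>Alerts</th></tr>{proto_rows}</table>"
            f"<table><tr><th>Priority</th><th>Alerts</th></tr>{pri_rows}</table>"
            f'<p><a href="{escape(detail_url)}">Full alert detail (login required)</a></p>'
            "</body></html>")


def public_page_leaks(html, alerts):
    """Check the rendered page against the alerts it was built from: return
    every IP address, SID or rule message that appears in it as a whole token.
    Run this before publishing; an empty list is the expected result."""
    leaked = set()
    for a in alerts:
        for field in ("src", "dst", "sid", "msg"):
            if re.search(rf"\b{re.escape(a[field])}\b", html):
                leaked.add(a[field])
    return sorted(leaked)


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ALERTS
    alerts = parse_fast_alerts(text)
    for a in alerts:
        print(to_snort_fast(a))  # this stream is what the Snort-format report tools read
    page = render_public_summary(summarize(alerts))
    leaks = public_page_leaks(page, alerts)
    if leaks:
        sys.exit(f"refusing to publish: summary would expose {leaks}")
    print(page)
```

Run it with the path of the fast-alert file as the only argument (or with no argument to use the constructed sample); the normalised alert lines go to stdout ahead of the HTML, so split the two streams in a cron job before handing the first to SnortSnarf or SnortALog and writing the second under the unprotected document root.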
Current thread:
- Snort Summary Web Pages Michael Merrell (Nov 09)
- Re: Snort Summary Web Pages Bryan Swann (Nov 09)