
Re: [Snort-users] Snort Summary Web Pages

Subject: Re: [Snort-users] Snort Summary Web Pages
Date: Fri, 09 Nov 2007 17:11:38 -0500
IMO, BASE isn't a very useful product for IDS monitoring, though I'm sure others may disagree. It doesn't provide a real-time view of the alerts, which is what most people want. I've never tried Sguil, but it is supposed to provide that function.

I use the commercial product aanval and it runs circles around BASE. It's pretty cheap too. It has real-time monitoring support and can create nice reports on data returned by a query. I just got the most recent version and it has support for PDF reports too.

As far as reporting goes, I wish there were some decent comparisons between the tools. Don't use snort report, it queries all of the data to generate a report every time you access it. With only a moderate alert load, the tool takes forever. I like snortsnarf and snortalog. Though I would like to hear what others are using.

I am moving to use barnyard, but found that few reporting tools can use the unified logging format. Barnyard can create something similar to a fast alert output, but the format is slightly different. I plan on trying to write a script to parse the barnyard output so I can still use snortsnarf and snortalog. I would love to know what other tools people are using to create a daily report.

Michael Merrell wrote:
Hi!
I hope I'm doing this right and that I get some helpful responses. I've recently installed Snort and BASE on a Fedora Core 7 machine. I've secured the main page with a password following the instructions found on the Snort Documents page. However, while I'd like to keep the main page secure, I'd also like to post a real-time summary (just the number of alerts and traffic by protocol stuff) on a second web page that would not be secured. I'd like it set up so that anyone could view this summary but following the links would require a password.
I've been reading through documentation online without much success and I was hoping someone might be able to offer me some help.
I'd appreciate any suggestions and advice! Thank you!
- Michael M.
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
-
- Bryan Swann (swann@spawar.navy.mil) 843/218-4749
- SPAWAR Systems Center Charleston
-
- The difference between genius and stupidity is that genius has its limits. - Einstein

Attachment: swann.vcf
Description: Vcard
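The script Bryan mentions wanting to write, as an added example that is not from the poster or the Snort project. It assumes that barnyard's fast-style line places the `{proto} src -> dst` tuple before the `[**]` signature block, whereas Snort's own alert_fast places it after; it parses either layout and re-emits Snort order so snortsnarf and snortalog can consume it. All sample lines are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Signature block shared by both layouts: [**] [gid:sid:rev] msg [**] [Classification: x] [Priority: n]
_SIG = (r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
        r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?(?:\s+\[Priority:\s*(?P<pri>\d+)\])?")
# Network tuple; ICMP alerts carry bare addresses without ports, so \S+ is used rather than host:port.
_NET = r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"

# Snort's alert_fast layout (what snortsnarf/snortalog expect): signature block, then network tuple.
SNORT_FAST = re.compile(r"^(?P<ts>\S+)\s+" + _SIG + r"\s+" + _NET + r"$")
# Assumed barnyard-style layout: network tuple first, then the signature block.
BARNYARD_FAST = re.compile(r"^(?P<ts>\S+)\s+" + _NET + r"\s+" + _SIG + r"$")


@dataclass
class Alert:
    ts: str
    gid: int
    sid: int
    rev: int
    msg: str
    cls: Optional[str]
    pri: Optional[int]
    proto: str
    src: str
    dst: str


def parse_alert(line: str) -> Optional[Alert]:
    """Parse either layout; return None for lines matching neither (blank, truncated, junk)."""
    for pattern in (SNORT_FAST, BARNYARD_FAST):
        m = pattern.match(line.strip())
        if m:
            d = m.groupdict()
            return Alert(d["ts"], int(d["gid"]), int(d["sid"]), int(d["rev"]), d["msg"], d["cls"],
                         int(d["pri"]) if d["pri"] is not None else None, d["proto"], d["src"], d["dst"])
    return None


def to_snort_fast(a: Alert) -> str:
    """Emit the alert in Snort's own alert_fast field order."""
    extra = f" [Classification: {a.cls}]" if a.cls is not None else ""
    extra += f" [Priority: {a.pri}]" if a.pri is not None else ""
    return f"{a.ts} [**] [{a.gid}:{a.sid}:{a.rev}] {a.msg} [**]{extra} {{{a.proto}}} {a.src} -> {a.dst}"


def convert(lines: List[str]) -> List[str]:
    """Return Snort-fast lines for every parsable input line; unparsable lines are dropped."""
    return [to_snort_fast(a) for a in map(parse_alert, lines) if a is not None]


# Constructed sample: two barnyard-style lines (one ICMP alert without ports) and one junk line.
SAMPLE = [
    "11/09-17:11:38.123456 {TCP} 192.0.2.10:3456 -> 198.51.100.5:80 [**] [1:1000001:1] LOCAL web probe [**] [Classification: Web Application Attack] [Priority: 1]",
    "11/09-17:11:39.000001 {ICMP} 192.0.2.11 -> 198.51.100.5 [**] [1:1000002:2] LOCAL ping sweep [**] [Priority: 3]",
    "garbage line that no report tool should see",
]

if __name__ == "__main__":
    for out in convert(SAMPLE):
        print(out)
```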
