Check out liveSnort (by Aanval): http://www.aanval.com/content/product_and_utility_downloads (amazing interface designed around snort, but limited to one sensor)
or Splunk, which does an excellent job correlating snort logs

--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com

On Thu, Dec 3, 2009 at 11:52 AM, Grymoire <[email protected]> wrote:
>
> I want to make some sort of high level visualization of the IDS status
> - using snort.
>
> I am trying to use snort, mysql, acidbase, and munin, all of which
> can be installed using Ubuntu's package manager. There's even a snort
> plug-in for munin. Sounds easy, eh?
>
> Well, the documentation sucks.
>
> I looked at the Snort Statistics howto - and that's obsolete.
>
> snortsnarf is non-supported and hard to find. So I found an old RPM,
> installed it, and looking at its output - it's just broken.
>
> I downloaded the source of snort, and according to the
> documentation, contributed source can be found at
> www.snort.org/dl/contrib - but the directory no longer exists.
>
> There are many web pages, and even a book - but the book is 6 years
> old, and many of the web documents are also as ancient.
>
> Suppose I want to have a real-time plot of IDS activities. What do
> others use? And what documentation do you suggest?
>
> It's been frustrating....
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
