On Thu, Dec 3, 2009 at 10:52 AM, Grymoire <[email protected]> wrote:

>
> I want to make some sort of high level visualization of the IDS status
> - using snort.
>
> I am trying to use snort, mysql, acidbase, and munin, all of which
> can be installed using Ubuntu's package manager. There's even a snort
> plug-in for munin. Sounds easy, eh?
>
> Well, the documentation sucks.
>
> I looked at the Snort Statistics howto - and that's obsolete.
>
>
Not sure what you are looking for here though...



> snortsnarf is non-supported and hard to find. So I found an old RPM,
> installed it, and looking at its output - it's just broken.
>
>
Yeah, don't use it.



> I downloaded the source of snort, and according to the
> documentation, contributed source can be found at
> www.snort.org/dl/contrib - but the directory no longer exists.
>
>
Correct, we cleaned out a lot of the 3rd party projects that weren't
maintained anymore when we redid the site:
http://www.snort.org/downloads/additional-downloads/
is what is left.

Base, Snorby, Sguil..




> There are many web pages, and even a book - but the book is 6 years
> old, and many of the web documents are also as ancient.
>
>
Snort IDS and IPS toolkit is the most recent book.  I think that one
was...  2006? 2007?



> Suppose I want to have a real-time plot of IDS activities. What do
> others use? And what documentation do you suggest?
>

I use text based alerting, but that's not really feasible for an unskilled
enterprise environment.


>
> It's been frustrating....
>

The Snort-Users mailing list is also available for your reference.  Years of
archives, as well as a place to ask your questions.  Please don't hesitate to
ask here or there; there are plenty of people that have expertise in Snort
aside from me.


-- 
Joel Esler | 302-223-5974 | gtalk: [email protected]
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com