Re: Snort Architecture and Managment
From: "Morris, Shane (US SSA)" <shane.morris () baesystems com>
Date: Fri, 31 May 2013 17:18:10 +0000
Thanks Joel, I appreciate it.
From: Joel Esler [mailto:jesler () sourcefire com]
Sent: Friday, May 31, 2013 11:23 AM
To: Morris, Shane (US SSA)
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort Architecture and Managment
On May 30, 2013, at 8:53 PM, "Morris, Shane (US SSA)" <shane.morris () baesystems com> wrote:
1. I'm currently running RedHat but am fluent in any flavor of Linux. Which is the most widely supported OS for
Snort and snort related apps? It seems like CentOS is very popular among Snort users.
Unfortunately we have no way of measuring that from the server side, but it appears that redhat/centos/fedora is
probably the most widely used I think.
2. Is there a way I can cache events on the sensors temporarily if the connection is lost between the sensor and
barnyard2 will retry its connection if it goes down, so, yes.
3. Are there better options for a GUI than BASE, I would even consider running two if there was enough value in
Snorby seems to be the hottest thing right now, but I don't think it requires barnyard2.
4. I'm looking for management tools for the sensors and the rules that I can run from the managers.
Aside from commercial/free-commercial solutions, there's really not a good one that I know of.
5. Any suggestions for managing large rule sets instead of one flat file?
Pulledpork does a good job of managing rulesets with its disable-sid.conf and enable-sid.conf, but everyone has a
completely different use case.
Senior Research Engineer, VRT
OpenSource Community Manager