Re: BASE or Snort Report ???

["Garland, Ken R" <garlandkr () gmail com>]

With sguil replace the word 'excellent' with 'horrid' in regards to the web
interface - It's also a dead project as far as I can tell.

On the topic of vaporware, didn't BASE get dumped some time ago as well?

Two jobs ago I wrote a custom interface using Python/Pylons that had
realtime views and analysis. At my last position I put Snorby in place and
that was a real treat, blew me away with the reports available and
interface. They just released 2.0 which I had been waiting for, but I've
since left that company and I've graduated from dealing with such things.

Chose something that will have room to grow and has, at the minimum, a
current set of interested developers. As a few others have pointed out you
might want to consider using plugins for snort to send alerts or using
syslog to deal with alerts, syslog-ng can handle alerts all on its own with
quite a bit of intelligence. I always liked using a notification system
outside of Snort as there are many other things in the admin world that
require attention. I keep them in a central place with a central syslog-ng
or monitoring system.

On Tue, Jan 4, 2011 at 7:26 PM, Paul Halliday <paul.halliday () gmail com>wrote:

> On Tue, Jan 4, 2011 at 2:51 PM, J. L. Cabral <jelocabral () gmail com> wrote:
> > Hi all, I need a starting point to enter to Snort world, so I think I
> > can use BASE or Snort Report to view the traffic logs.
> >
> > I've used BASE but I'm still fighting with sending alerts by email, I
> > can setup this feature. And also I've seen some snapshots from Snort
> > Report.
> >
> > What web interface do you recommend to me in order to view and receive
> > critical Snort's alerts by mail ???
>
> Sguil has email functionality and is one of the better (and only real
> time?) analyst consoles. Plus, it has an excellent web front end
> available as well ;P
>
> --
> Paul Halliday
> http://www.pintumbler.org
>
>
> ------------------------------------------------------------------------------
> Learn how Oracle Real Application Clusters (RAC) One Node allows customers
> to consolidate database storage, standardize their database environment,
> and,
> should the need arise, upgrade to a full multi-node Oracle RAC database
> without downtime or disruption
> http://p.sf.net/sfu/oracle-sfdevnl
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users