Snort mailing list archives

Re: BASE or Snort Report ???


From: Bamm Visscher <bamm.visscher () gmail com>
Date: Wed, 5 Jan 2011 08:51:16 -0500

For the record, no, Sguil is not a dead project. The community is
still quite active even if commits to CVS haven't been happening. Join
#snort-gui on irc.freenode.net and you'll find a number of seasoned
pros willing to help/discuss Sguil, Snort, NSM, IDS, security,
fishing, music, .....

With that said, I wouldn't recommend Sguil for someone just starting
out with Snort or who is looking for an "alert browser".  Take your
time. Install Snorby or syslog alerts to Splunk. Do some analysis. If
over time you come to the conclusion that you need more data and tools
to facilitate better analysis, then check out Sguil and the concept of
NSM.

Bamm



On Tue, Jan 4, 2011 at 10:01 PM, Garland, Ken R <garlandkr () gmail com> wrote:
With sguil replace the word 'excellent' with 'horrid' in regards to the web
interface - it's also a dead project as far as I can tell.
On the topic of vaporware, didn't BASE get dumped some time ago as well?
Two jobs ago I wrote a custom interface using Python/Pylons that had
real-time views and analysis. At my last position I put Snorby in place and
that was a real treat; it blew me away with the reports available and the
interface. They just released 2.0, which I had been waiting for, but I've
since left that company and I've graduated from dealing with such things.
Choose something that will have room to grow and has, at the minimum, a
current set of interested developers. As a few others have pointed out, you
might want to consider using plugins for Snort to send alerts or using
syslog to deal with alerts; syslog-ng can handle alerts all on its own with
quite a bit of intelligence. I always liked using a notification system
outside of Snort, as there are many other things in the admin world that
require attention. I keep them in a central place with a central syslog-ng
or monitoring system.

-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net
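Both messages above point at the same starting step: send Snort alerts to syslog and triage them centrally before reaching for a full NSM console. As an added illustration (not code from the thread, from Snort or from sguil), here is a small Python triage pass over syslog lines in the one-line format Snort 2's alert_syslog output plugin writes; the log lines, the rule SIDs and the paging threshold are constructed for the example.

```python
import re

# One-line Snort alert_syslog format:
#   [gid:sid:rev] msg [Classification: ...] [Priority: N]: {PROTO} SRC[:PORT] -> DST[:PORT]
# Ports are absent for protocols such as ICMP, so they are optional here.
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+"
    r"\[Classification:\s*(?P<classification>[^\]]*)\]\s*"
    r"\[Priority:\s*(?P<priority>\d+)\]:?\s*\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)

# Constructed sample syslog excerpt: two Snort alerts plus an unrelated sshd line
# that a central syslog-ng box would also receive.
SAMPLE_LOG = """\
Jan  5 08:51:16 sensor1 snort[2231]: [1:1000001:1] CONSTRUCTED test rule [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.10 -> 192.0.2.20
Jan  5 08:51:17 sensor1 snort[2231]: [1:1000002:2] CONSTRUCTED web probe [Classification: Web Application Attack] [Priority: 1]: {TCP} 198.51.100.7:40112 -> 192.0.2.80:80
Jan  5 08:51:18 sensor1 sshd[410]: Accepted publickey for analyst from 192.0.2.5 port 50022
"""


def parse_alert(line):
    """Return the alert fields as a dict, or None when the line is not a Snort alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["priority"] = int(fields["priority"])  # Snort: 1 is most severe
    return fields


def triage(log_text, page_threshold=1):
    """Split a syslog excerpt into alerts worth paging on, alerts to review later,
    and a count of non-Snort lines that were skipped."""
    result = {"page": [], "review": [], "skipped": 0}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        alert = parse_alert(line)
        if alert is None:
            result["skipped"] += 1
        elif alert["priority"] <= page_threshold:
            result["page"].append(alert)
        else:
            result["review"].append(alert)
    return result


if __name__ == "__main__":
    for bucket, alerts in triage(SAMPLE_LOG).items():
        print(bucket, alerts if isinstance(alerts, int) else [a["msg"] for a in alerts])
```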

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
