SNORT - Keatron??

Silver Bullet (Member, Posts: 676)
Keatron,
I saw in another topic where you mentioned that you have been implementing a lot of Snort installs lately and was curious whether you would mind sharing a little info.

I recently started playing with Snort on my home network and am trying to keep the latest VRT rules installed on the Snort box.

I have noticed there are a few different ways of monitoring Snort's activity. What is your preferred method of monitoring?

I am currently running Snort on Ubuntu. Is there a different distro that you recommend?

Add any other tips/tricks that you feel will get me off to a good start.

Thanks

Comments

  • keatron (Member, Posts: 1,213)
    My usual package rollout with Snort is ACID, MySQL, Apache, and Shadow, all running on Fedora. Also, it depends on what you're using Snort for. It can be used as a sniffer, an IDS, and other things. Really, all you actually need is ACID and Shadow, to go along with Snort, to get basic to intermediate functionality. I'm actually working on a Snort manual. I'll certainly be making it free in PDF to all Techexams members. Johan might even have a copy resting here on TE when I'm done with it.

    Do you have any specific questions? ACID is my monitoring tool of choice, and MySQL the database of choice.
  • Silver Bullet (Member, Posts: 676)
    It is currently set up as an IDS, but I haven't used it enough or studied it enough to get very advanced with it yet.

    What about real-time monitoring and alerts?
    If I am wrong in thinking that ACID is a historical analyser, then please correct me.

    I will be very interested in the keatronsnort.pdf
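
The open question in the thread is real-time alerting as opposed to the historical, database-backed view ACID gives. The following is an added example written for this page, not code from the thread, from Snort, or from ACID. It assumes Snort is writing its single-line `alert_fast` output (for example `output alert_fast: /var/log/snort/alert` in snort.conf), that the file uses the Snort 2.x layout shown in the comment, and that priority 1 and 2 alerts are the ones worth paging on immediately; the threshold, the `PAGE_PRIORITY`/`triage`/`follow` names and the sample alert lines (which use sids in the local 1000000+ range and are labelled constructed) are all assumptions for illustration. It parses each line as Snort appends it, pages on high-priority hits, and keeps a per-sid tally so you can see noisy rules at a glance; ICMP alerts (no ports) and lines without a Classification field are handled.

```python
"""Tail Snort's alert_fast output and raise real-time alerts on high-priority hits.

Added example for this thread; not Snort or ACID code. Assumes the Snort 2.x
alert_fast line layout and a paging threshold of priority <= 2 (both assumptions).
"""
import os
import re
import time
from collections import Counter

# Assumed paging threshold: Snort priorities run 1 (highest) upward.
PAGE_PRIORITY = 2

# Assumed Snort 2.x alert_fast layout:
# MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: text] [Priority: n] {PROTO} src:sport -> dst:dport
# The Classification block is optional and ICMP alerts carry no ports.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample lines (not real captures); sids >= 1000000 are the local-rule range.
SAMPLE_LINES = [
    "03/14-09:21:07.004512  [**] [1:1000001:3] CONSTRUCTED SCAN sample SSH probe [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.50:54321 -> 192.168.1.10:22",
    "03/14-09:21:08.110233  [**] [1:1000002:1] CONSTRUCTED ICMP sample ping [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.50 -> 192.168.1.10",
    "03/14-09:21:09.555000  [**] [1:1000003:2] CONSTRUCTED WEB sample shell attempt [**] "
    "[Priority: 1] {TCP} 10.0.0.7:40001 -> 192.168.1.10:80",
    "this line is not a snort alert and must be ignored",
]


def parse_alert(line):
    """Parse one alert_fast line into a dict, or return None if it is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": d["ts"],
        "gid": int(d["gid"]), "sid": int(d["sid"]), "rev": int(d["rev"]),
        "msg": d["msg"],
        "classification": d["cls"],          # None when Snort printed no Classification block
        "priority": int(d["prio"]),
        "proto": d["proto"].upper(),
        "src": d["src"], "sport": int(d["sport"]) if d["sport"] else None,
        "dst": d["dst"], "dport": int(d["dport"]) if d["dport"] else None,
    }


def format_page(alert):
    """One-line notification text for an alert that crossed the paging threshold."""
    src = alert["src"] + (":%d" % alert["sport"] if alert["sport"] is not None else "")
    dst = alert["dst"] + (":%d" % alert["dport"] if alert["dport"] is not None else "")
    return "[P%d] %d:%d:%d %s %s %s -> %s" % (
        alert["priority"], alert["gid"], alert["sid"], alert["rev"],
        alert["msg"], alert["proto"], src, dst)


def triage(lines, max_priority=PAGE_PRIORITY):
    """Return (alerts to page on now, per-sid hit counter) for an iterable of lines."""
    page_now = []
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue                           # skip non-alert lines rather than crash
        counts[alert["sid"]] += 1
        if alert["priority"] <= max_priority:
            page_now.append(alert)
    return page_now, counts


def follow(path, poll_seconds=1.0):
    """Yield lines appended to the alert file, like `tail -f`, starting at the current end."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        fh.seek(0, os.SEEK_END)
        while True:
            line = fh.readline()
            if not line:
                time.sleep(poll_seconds)
                continue
            yield line


if __name__ == "__main__":
    import sys
    # With a path argument, tail the live alert file; otherwise run over the constructed samples.
    source = follow(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LINES
    for raw in source:
        hit = parse_alert(raw)
        if hit is not None and hit["priority"] <= PAGE_PRIORITY:
            print(format_page(hit))
```

Run it as `python snort_page.py /var/log/snort/alert` beside a Snort instance writing alert_fast, and feed the printed line into whatever notifies you (mail, syslog, a chat hook). This complements rather than replaces ACID: the MySQL/ACID side keeps the full history for querying, while this loop only looks at what is being appended right now and pages on the priority threshold.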