Subject: Re: Intrusion Detection Logfile Software
From: Jackson, John (John.JacksonSAVVIS.NET)
Date: Wed Oct 11 2000 - 09:57:03 CDT


I have recently had the opportunity to use and enjoy Snortsnarf, which
parses the alerts file(s) from Snort and whips out some very fancy HTML.
I don't know how any explanation I could give you would do it justice,
so you'll just have to see the example at their home site.

Please take the time to install it, and watch for a few days how easy it
is to obtain executive summaries of your IDS logs, and how easily you
can click through the pages to see exactly the data you want.

http://www.silicondefense.com/snortsnarf/

.nhoJ

| -----Original Message-----
| From: Yoann LeCorvic [mailto:yoann.lecorvicINFRASOFT-CIVIL.COM]
| Sent: Wednesday, October 11, 2000 7:06 AM
| To: FOCUS-IDSSECURITYFOCUS.COM
| Subject: Re: Intrusion Detection Logfile Software
|
|
| Hi
|
| I use Snort with ArachNIDS coupled with SHADOW 1.6 for
| historical logging. SHADOW is using tcpdump to log all
| traffic, and passes it to an analysis workstation through ssh.
| The analysis station uses filters to display what you need
| and publishes it on an Apache Server.
|
| Here is where you can get it
|
| http://www.nswc.navy.mil/ISSEC/CID/
|
| Cheers