Sure,

log the data to, for example an Mysql database, on the localhost, or on a
trusted mashine in the intranet.
then run a httpd on that mashine (within the intranet) with, for example
Acid as GUI.

Or you start a simple webserver on a win mashine in the intranet (like LWS
or something) and use your samba to read the logged data from the server.
(Of course the samba directory(snort logfiles) is only accessable from that
mashine)
And then download some loggfile parser and run it over the logs.

hope i could give you an idea!

Bydlo

-----Ursprüngliche Nachricht-----
Von: snort-users-adminlists.sourceforge.net
[mailto:snort-users-adminlists.sourceforge.net]Im Auftrag von cdowns
Gesendet am: Montag, 25. Februar 2002 14:57
An: snort-userslists.sourceforge.net
Betreff: [Snort-users] Snort Monitoring output Question

Good Morning all,
    We It has come time that management would like to see Live Logs and
Network Activity. I have been running Snort for sometime on all gateways
to our network with SSH2 RSA access. What my big question is what is the
best way to let them see these logs LIVE with an HTML interface without
Running HTTPD on the localhost ? IS there a way to move this data to a
trusted location ? without losing the sense of IDS (Secrecy).

Thanks in Advance.

~!>D

--
---------------------------------
  Network Security Administrator
      Skillsoft Corporation
    http://www.skillsoft.com
      cdownsskillsoft.com
 "You can't point and click your
   way to super cracker status"
---------------------------------
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]