Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Snort: Anyone recommend a good log analyzer

  1. #1

    Snort: Anyone recommend a good log analyzer

    Can anyone recommend a good log analyzer for snort. Something that will scan through the alerts and output pretty webpages out of it?

    In the past I have used snortsnarf, and was wondering if there are newer progs out there that can do the job better.

    Thanks in advance.

    Grinler

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    I have been using ACID - Analysis Console for Intrusion Databases for my snort implementation for about the past year and I am pretty happy with it.

    Check it out.


    Cheers:
    DjM

  3. #3

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Demarc is good as well, kind of a shame it isn't free anymore...

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Neb: It's free for personal and non-profit use.... I checked the license the other day. I got a scare when I went there cos the site has changed a little but the personal version is still there. I d/led it and am running it on a machine that is hard to get to, (read: locked down), so rather than jump through hoops to get a good connection I just terminal servered into it and d/led a new copy.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #6
    Senior Member
    Join Date
    Mar 2003
    Posts
    217
    anyone notice how this showed up on the main page?

    "Snort: Anyone recommend a good log anal
    i\'m starting to think that i\'m bound to always be the first guy on the second page of the thread.

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Sick: Yes, but my mind was in predictive mode and I could "see" the "yzer"......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  8. #8
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    Id say hands down Demarc PureSecure is the best. Ive examined quite a few of them. IDSCenter has made some changes and can be "appealing" for windows users. But in terms of data management in a professional format that can be used multi-platform PureSecure has it. Also as a bonus you get HID's with it.

    The personal version is still free. Do not get the professional version because you will get locked out of administrative privaleges on the management console after 30 days.

  9. #9
    Senior Member
    Join Date
    Mar 2003
    Posts
    217
    Originally posted here by Tiger Shark
    Sick: Yes, but my mind was in predictive mode and I could "see" the "yzer"......
    i knew there was an "yzer" or "ist" at the end. just caught me off guard.
    i\'m starting to think that i\'m bound to always be the first guy on the second page of the thread.

  10. #10
    Junior Member
    Join Date
    Jan 2003
    Posts
    15
    help i got 40 seconds, i get a RPC error and it turns my computer off all the time, help me please, sorry no more time

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •