-
August 22nd, 2003, 04:55 PM
#1
Snort: Anyone recommend a good log analyzer
Can anyone recommend a good log analyzer for snort? Something that will scan through the alerts and output pretty webpages out of it?
In the past I have used snortsnarf, and was wondering if there are newer progs out there that can do the job better.
Thanks in advance.
Grinler
-
August 22nd, 2003, 05:01 PM
#2
I have been using ACID - Analysis Console for Intrusion Databases for my snort implementation for about the past year and I am pretty happy with it.
Check it out.
Cheers:
-
August 22nd, 2003, 05:58 PM
#3
-
August 22nd, 2003, 06:35 PM
#4
Demarc is good as well, kind of a shame it isn't free anymore...
/nebulus
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
August 22nd, 2003, 06:44 PM
#5
Neb: It's free for personal and non-profit use.... I checked the license the other day. I got a scare when I went there cos the site has changed a little but the personal version is still there. I d/led it and am running it on a machine that is hard to get to, (read: locked down), so rather than jump through hoops to get a good connection I just terminal servered into it and d/led a new copy.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
August 22nd, 2003, 06:57 PM
#6
anyone notice how this showed up on the main page?
"Snort: Anyone recommend a good log anal
i'm starting to think that i'm bound to always be the first guy on the second page of the thread.
-
August 22nd, 2003, 07:06 PM
#7
Sick: Yes, but my mind was in predictive mode and I could "see" the "yzer"......
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
August 22nd, 2003, 07:14 PM
#8
I'd say hands down Demarc PureSecure is the best. I've examined quite a few of them. IDSCenter has made some changes and can be "appealing" for Windows users. But in terms of data management in a professional format that can be used multi-platform PureSecure has it. Also as a bonus you get HID's with it.
The personal version is still free. Do not get the professional version because you will get locked out of administrative privileges on the management console after 30 days.
-
August 22nd, 2003, 07:58 PM
#9
Originally posted here by Tiger Shark
Sick: Yes, but my mind was in predictive mode and I could "see" the "yzer"......
i knew there was an "yzer" or "ist" at the end. just caught me off guard.
i'm starting to think that i'm bound to always be the first guy on the second page of the thread.
-
August 22nd, 2003, 08:52 PM
#10
Junior Member
help i got 40 seconds, i get a RPC error and it turns my computer off all the time, help me please, sorry no more time