Monitoring and Dealing With Snort Alerts
Oct 10, 2011, 10:01
(Other stories by Juliet Kemp)
[ Thanks to Lee Schlesinger for this link. ]
"Snort itself doesn't actually do anything with its alerts, so it's important to make sure you have something in place to check for them. You do have a choice of output modules, but (with one exception, alert_unixsock, which I'll talk more about later) these only output to a file or a database. To monitor your chosen output format, you have several third-party options, with Snort Alert Monitor being one of the more popular ones, as it allows you to configure email alerts among other output types. If you have additional specific requirements, SAM exposes its API and is (at least according to its author!) simple to extend."
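The excerpt's point is that Snort only writes alerts out; something else has to read them and decide what deserves attention. The following is an added example, not code from the article or from Snort Alert Monitor: a small Python consumer for Snort's alert_fast text output that parses each line, keeps only alerts at or above a chosen priority, collapses repeated hits of one signature from one source host into a single digest record, and can follow the alert file as Snort appends to it. It assumes the alert_fast line layout shown in the module docstring (the Classification field is optional in real output); the sample alert lines, local-rule SIDs, messages and addresses are constructed for the example, and all function names are the example's own.

```python
"""Minimal consumer for Snort alert_fast output (added example, not Snort's or SAM's code).

Assumed line format written by Snort's alert_fast output module:
  MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] message [**] [Classification: text] [Priority: n] {PROTO} src -> dst
The Classification field may be absent.  Priority 1 is the most severe.
"""
from __future__ import annotations

import re
import time
from collections import Counter
from typing import Iterable, Iterator, Optional

ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<classification>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample alerts: local-rule SIDs (1000001+), made-up messages and
# RFC 5737 documentation addresses.  The last line is deliberately not an alert.
SAMPLE_ALERTS = """\
10/10-09:58:01.123456  [**] [1:1000001:1] LOCAL example portscan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:44321 -> 198.51.100.5:22
10/10-09:58:02.223456  [**] [1:1000001:1] LOCAL example portscan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:44322 -> 198.51.100.5:23
10/10-09:59:17.000001  [**] [1:1000002:3] LOCAL example shell banner on web port [**] [Classification: Potentially Bad Traffic] [Priority: 1] {TCP} 198.51.100.5:80 -> 192.0.2.10:51234
10/10-10:00:44.500000  [**] [1:1000003:1] LOCAL example ICMP ping [**] [Priority: 3] {ICMP} 192.0.2.77 -> 198.51.100.5
this line is not a snort alert and is skipped
"""


def parse_alert(line: str) -> Optional[dict]:
    """Parse one alert_fast line; return None for lines that are not alerts."""
    m = ALERT_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    alert = m.groupdict()
    for field in ("gid", "sid", "rev", "priority"):
        alert[field] = int(alert[field])
    return alert


def parse_alerts(lines: Iterable[str]) -> list[dict]:
    """Parse a sequence of lines, silently dropping anything that is not an alert."""
    return [a for a in (parse_alert(line) for line in lines) if a is not None]


def host_of(endpoint: str) -> str:
    """Strip the port from an IPv4 'addr:port' endpoint; anything else is returned unchanged."""
    return endpoint.rsplit(":", 1)[0] if endpoint.count(":") == 1 else endpoint


def needs_escalation(alerts: Iterable[dict], max_priority: int = 2) -> list[dict]:
    """Alerts worth notifying on.  Snort's priority 1 is the highest, so a lower number is more urgent."""
    return [a for a in alerts if a["priority"] <= max_priority]


def digest_alerts(alerts: Iterable[dict]) -> dict[tuple[int, str], dict]:
    """Collapse repeated hits of one signature from one source host into a single record,
    so a notification carries a count and a time span instead of one message per packet."""
    digest: dict[tuple[int, str], dict] = {}
    for a in alerts:
        key = (a["sid"], host_of(a["src"]))
        entry = digest.setdefault(key, {
            "msg": a["msg"], "priority": a["priority"], "count": 0,
            "first": a["ts"], "last": a["ts"], "targets": set(),
        })
        entry["count"] += 1
        entry["last"] = a["ts"]
        entry["targets"].add(a["dst"])
    return digest


def format_notification(key: tuple[int, str], entry: dict) -> str:
    """One-line summary suitable for an email subject, syslog line or pager message."""
    sid, src = key
    return (f"[P{entry['priority']}] {entry['msg']} (sid {sid}) from {src}: "
            f"{entry['count']} hit(s) against {len(entry['targets'])} target(s), "
            f"{entry['first']} .. {entry['last']}")


def follow(path: str, poll_seconds: float = 1.0) -> Iterator[str]:
    """Yield lines appended to the alert file, tail -f style; runs until interrupted."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        fh.seek(0, 2)  # start at the end: only alerts written from now on
        while True:
            line = fh.readline()
            if line:
                yield line
            else:
                time.sleep(poll_seconds)


if __name__ == "__main__":
    # Offline run over the constructed sample; for a live file use parse_alerts(follow(path)).
    alerts = parse_alerts(SAMPLE_ALERTS.splitlines())
    print(f"parsed {len(alerts)} alerts; per-signature counts:",
          dict(Counter(a["msg"] for a in alerts)))
    for key, entry in digest_alerts(needs_escalation(alerts)).items():
        print(format_notification(key, entry))  # hand this string to mail, syslog or a pager
```

Running it against the sample prints four parsed alerts and two digest lines: the two priority-2 probe hits from 192.0.2.10 become one record with a count of 2, the priority-1 banner alert becomes another, and the priority-3 ping is filtered out before anyone is notified. The digest step is what keeps an email output from turning into one message per packet during a scan.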
Complete Story
Related Stories:
- Use Profiling to Improve Snort Performance(Oct 06, 2011)
- Snort 2.9.1 has been released, including Protocol Aware Flushing and IP Reputation Preprocessor(Aug 26, 2011)
- A Simple Snort Alert Parser(Sep 27, 2010)
- Intrusion Detection With Snort, ACIDBASE, MySQL, And Apache2 On Ubuntu 9.04(Sep 25, 2009)
- Snort open source IDS turns 10(Jun 01, 2009)
- Using Snort: Part 1: Installation and Configuration(Jun 10, 2008)
- When Snort is Not Enough(Jun 03, 2008)