Linux Today: Linux News On Internet Time.

LinuxSecurity.com: Snort-Setup for Statistics HOWTO

Jan 04, 2002, 23:03
(Other stories by Sandro Poppi)

[ Thanks to LinuxSecurity Contributor for this link. ]

"This HOWTO describes how to configure Snort version 1.8.3 to be used in conjunction with the statistical tools ACID (Analysis Console for Intrusion Databases) and SnortSnarf. It also intends to get some internal statistics out of snort, e.g. if there are packets dropped.

Additionally, a description of how to automatically update Max Vision's rules, some scripts which may be helpful, and a demo swatch configuration are included.

This document was written when I created an IDS sensor with Snort and using some statistic tools in order to help others implementing it. If at least one out there can be helped it has been worth the work.

Snort is an excellent Network Intrusion Detection System (NIDS) for various unices. The Snort homepage can be found at http://www.snort.org/. The version described here is 1.8.3 which was the actual version at the time of writing."
