Netgate Discussion Forum

Snort front end questions

pfSense Packages
  • S
    subfire91
    last edited by Jun 3, 2010, 8:53 AM

    After searching the internet I found some Snort front ends that can be used to manage Snort:

    • B.A.S.E.
    • SnorBy
    • SGuil
    • S.A.F.E.
    • ACID
    • SnortSnarf
    • SWIK (?)

    Are there any missing from the above list that you may know?
    What are your inputs regarding the above projects?
    Which one do you recommend and why?

    Basically what I'm looking for is to be able to handle the policy (changing signature responses - block, log, drop etc.) over a GUI or web GUI instead of going into a command line frenzy.
    Also I'm looking for the best featured front end.

    Furthermore I have one question. Have you ever interacted with EasyIDS (Snort based)?

    Thanks for your time

    • J
      jerrygoldsmith
      last edited by Jun 4, 2010, 5:57 PM

      ANVAAL is a good one.

      • G
        g4m3c4ck
        last edited by Jun 6, 2010, 6:41 PM

        Reading this pokes my curiosity as to how easily this could be set up using pfSense, the vhosts package, Snort and a frontend GUI as mentioned.

        • J
          jerrygoldsmith
          last edited by Jun 7, 2010, 6:28 PM

          That would be awesome. One of the reasons my company is hesitant to use pfSense is because it lacks a convenient way to pull logs from Snort. Lots of little problems with Snorby, and others that make the pretty pretty charts and colors.

          • G
            g4m3c4ck
            last edited by Jun 11, 2010, 3:54 AM Jun 11, 2010, 3:10 AM

            Instead of doing that why not use barnyard2 logging to a remote database and install the frontend on it? I am trying that now. So far I have barnyard2 up and running.

            Also James posted this link in his FAQ to get snorby up

            • J
              jerrygoldsmith
              last edited by Jun 11, 2010, 3:24 PM

              Our Linux guy did that and couldn't get the OpenVPN working for some reason. He's tinkering with it in his spare time.

              • G
                g4m3c4ck
                last edited by Jun 11, 2010, 10:08 PM

                It took some time but it was fairly easy when you follow the OpenVPN tutorial. You shouldn't unless you want to connect remotely anyways. I used my intranet web server to host the database and run the frontend.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.