Snort front end questions

  • After searching the internet I found some Snort front ends that can be used to manage Snort:

    • B.A.S.E.
    • SnorBy
    • SGuil
    • S.A.F.E.
    • ACID
    • SnortSnarf
    • SWIK (?)

    Are there any missing from the above list that you may know?
    What are your inputs regarding the above projects?
    Which one do you recommend and why?

    Basically what I'm looking for is to be able to handle the policy (changing signature responses - block, log, drop etc.) over a GUI or web GUI instead of going into a command line frenzy.
    Also I'm looking for the best featured front end.

    Furthermore I have one question. Have you ever interacted with EasyIDS (Snort based)?

    Thanks for your time

  • ANVAAL is a good one.

  • Reading this pokes my curiosity how easily this could be set up using pfSense, the vhosts package, Snort and a frontend GUI as mentioned.

  • That would be awesome. One of the reasons my company is hesitant to use pfSense is because it lacks a convenient way to pull logs from Snort. Lots of little problems with Snorby, and others that make the pretty pretty charts and colors.

  • Instead of doing that, why not use barnyard2 logging to a remote database and install the frontend on it? I am trying that now. So far I have barnyard2 up and running.

    Also James posted this link in his FAQ to get Snorby up

  • Our Linux guy did that and couldn't get the OpenVPN working for some reason. He's tinkering with it in his spare time.

  • It took some time, but it was fairly easy when you follow the OpenVPN tutorial. You shouldn't unless you want to connect remotely anyways. I used my intranet web server to host the database and run the frontend.
