Chapter 11. Using SnortCenter as a Snort IDS Management Console

ACID provided us with a powerful tool to manage the alerts generated by the Snort sensors. Managing the sensors themselves—the configurations, preprocessors, rule sets—can all be accomplished from the command line. However, when you have to manage multiple sensors in several different locations, it’s easier to manage all the systems from one location. SnortCenter provides this capability through a web interface. Many administrators use the same web server to run SnortCenter and the ACID console. If you prefer a standalone system, refer to the installation directions for Apache and PHP in Chapter 10. Then move to the installation section for SnortCenter, below.

SnortCenter Console Installation

There are two parts to the SnortCenter installation: the console and the agent. The console runs on the management system and provides the web interface for managing all Snort sensors. As previously mentioned, it can be installed on the same system running ACID. The SnortCenter agent runs on each peripheral Snort sensor. The agents report all Snort-related alerts and configuration information to the console.

Download and install the SnortCenter console software. This application is used for a variety of purposes, including updating your list of signatures and rules, managing and customizing the different sensors in your networks, creating custom signatures, and adding preprocessors to the rule base. SnortCenter is a powerful program that ...
