Chapter 12. Additional Tools for Snort IDS Management

Apart from ACID and SnortCenter, there are a number of applications to help you administer, monitor, and manage your Snort sensors. Some of the solutions are open source; others are commercial. We’ll examine the open source tools more closely, but all of the commercial solutions we look at actually grew out of open source beginnings.

The main difference between the open source and the commercial tools is ease of installation and what I'll call "fit and finish": open source tools are harder to install and their interfaces are less polished. We will not go into nearly as much detail as we did with ACID and SnortCenter, but the main features of each application are highlighted so that you can investigate the ones that fit your particular needs.

Open Source Solutions

Many open source tools are designed to help with some aspect of managing Snort. Most target a particular task (updating rules, managing alerts, and so on), but some are surprisingly full-featured. Snort has changed a great deal (the moves from 1.x to 2.x and from 2.x to 2.1.x were dramatic), and some of the tools do not support newer features such as the new preprocessors (even ACID is showing signs of age as its development falters). Before relying on a tool, confirm that it supports the Snort version and alert database schema you actually run.

SnortReport

Developer: David Gullet

Link: http://www.circuitsmaximus.com

Download Link: http://freshmeat.net/projects/snortreport/

Platform: Web-based (PHP)

Prerequisites: Apache, PHP (GD Support compiled in), ...
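Because SnortReport draws its graphs with PHP's GD extension, the first thing to check on a candidate sensor console is whether the PHP build actually has GD compiled in. The following shell snippet is an added example, not code from the book or from the SnortReport project; the function names are my own, and only `gd` is a requirement the page states (any other extension names you pass are your own additions). It reads a module list in the format `php -m` prints, so it can also be fed a saved listing from another host.

```sh
# Added example (not from the book or the SnortReport project): check that the
# PHP build behind Apache has the extensions SnortReport needs. Function and
# variable names are my own; "gd" is the only requirement stated on the page.

# missing_php_extensions EXT... : reads a module list in the format `php -m`
# prints (one module per line, plus section headers such as "[PHP Modules]")
# on stdin and prints, one per line, the requested extensions that are absent.
# Matching is case-insensitive and whole-line, so "gd" does not match "gdbm".
missing_php_extensions() {
    modules=$(cat)
    for ext in "$@"; do
        if ! printf '%s\n' "$modules" | grep -qix -- "$ext"; then
            printf '%s\n' "$ext"
        fi
    done
}

# check_snortreport_php : runs the check against the real PHP CLI on this host.
# Exit status 0 means every required extension is loaded, 1 means one or more
# are missing, 2 means no php binary was found. Caveat: the CLI binary and the
# Apache PHP module can be built differently, so also confirm GD in a
# phpinfo() page served by Apache itself.
check_snortreport_php() {
    if ! command -v php >/dev/null 2>&1; then
        echo "php: not found in PATH" >&2
        return 2
    fi
    missing=$(php -m 2>/dev/null | missing_php_extensions gd)
    if [ -n "$missing" ]; then
        echo "PHP is missing required extension(s): $missing" >&2
        return 1
    fi
    echo "PHP has all required extensions (gd)"
}
```

Run `check_snortreport_php` on the console host; if it reports GD missing, rebuild or reinstall PHP with GD support before installing SnortReport, since the report pages will otherwise fail when they try to render graphs.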
