Re: Snort Monitoring

From: Krzysztof Przepiorka (Krzysztof.Przepiorka@pro-futuro.com)
Date: 10/30/02


Date: Wed, 30 Oct 2002 08:48:24 +0100
From: Krzysztof Przepiorka <Krzysztof.Przepiorka@pro-futuro.com>
To: "Scott M. Algatt" <turtle@turtleshell.net>

Scott M. Algatt wrote:

>All,
>
>Thanks for the responses!
>
>Let me start by better explaining my current setup and then list the
>different suggested packages. I wanted to just send a blanket statement
>because I should be able to customize my setup in order to accommodate the
>package of my dreams :)
>
>Anyways, I am already running ACID. We have about 80+ sensors running and
>they all report to our centralized ACID database using an stunnel'd
>connection. This is the best thing since sliced bread as far as I am
>concerned. We are able to view lots of traffic and what not. The only
>problem is that with 80+ sensors there is no way to tell if a sensor is
>not sending me information. I was only looking for something to
>accomplish the piece of notification of online/offline status. After all
>of the responses my brain began to spiral out of control from the
>possibilities of all the different software out there. There are about
>five pieces of software that were suggested.
>
>Nagios
>www.nagios.com
>
>Snortcenter
>users.pandora.be/larc
>
>Demarc PureSecure
>www.demarc.com
>
>Big Brother
>www.bb4.org
>
>StillSecure Border Guard
>www.stillsecure.com
>
>
>
>I am currently toying with snortcenter for a number of reasons, free,
>integrates with ACID, and I think it fits the bill.
>
>Again thanks to everyone!
>
>Regards,
>
>Scott M. Algatt
>
>Behold the turtle. He makes progress only when he sticks his neck out.
>
>
>
>
>
If you only want to monitor whether the snort daemon is up/down, you can
always use a net-snmp (ucd-snmp) agent to monitor whether the processes are
running or not; if not, a trap will be sent to a management console (i.e.
based on scotty).

Regards
KP
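
An added example, not part of the original thread: a poll-side check that reads the net-snmp process table (UCD-SNMP-MIB prTable) from each sensor and classifies the sensor. It assumes each sensor's snmpd.conf carries a `proc snort` line so the agent exposes that table; the host names and walk output below are constructed samples.

```python
import re

# Constructed sample: `snmpwalk` output of UCD-SNMP-MIB::prTable, one walk per
# sensor. None marks a sensor whose agent did not answer the poll at all.
SAMPLE_WALKS = {
    "sensor-01": """UCD-SNMP-MIB::prNames.1 = STRING: snort
UCD-SNMP-MIB::prCount.1 = INTEGER: 1
UCD-SNMP-MIB::prErrorFlag.1 = INTEGER: noError(0)
UCD-SNMP-MIB::prErrMessage.1 = STRING:""",
    "sensor-02": """UCD-SNMP-MIB::prNames.1 = STRING: snort
UCD-SNMP-MIB::prCount.1 = INTEGER: 0
UCD-SNMP-MIB::prErrorFlag.1 = INTEGER: error(1)
UCD-SNMP-MIB::prErrMessage.1 = STRING: No snort process running""",
    "sensor-03": None,
    "sensor-04": """UCD-SNMP-MIB::prNames.1 = STRING: stunnel
UCD-SNMP-MIB::prErrorFlag.1 = INTEGER: noError(0)""",
}

LINE = re.compile(r"^UCD-SNMP-MIB::(pr\w+)\.(\d+) = \w+: ?(.*)$")

def parse_prtable(walk):
    """Group walk lines into {row index: {column name: value}}."""
    rows = {}
    for line in walk.splitlines():
        m = LINE.match(line.strip())
        if m:
            column, index, value = m.groups()
            rows.setdefault(int(index), {})[column] = value.strip()
    return rows

def sensor_status(walk, process="snort"):
    if walk is None:
        return "UNREACHABLE"      # agent did not answer the poll
    for row in parse_prtable(walk).values():
        if row.get("prNames") == process:
            # Flag prints as "noError(0)" with the MIB loaded, "0" without;
            # anything else, including a missing flag, counts as down.
            return "UP" if row.get("prErrorFlag") in ("noError(0)", "0") else "DOWN"
    return "NOT_MONITORED"        # agent answers but has no row for the process

def report(walks, process="snort"):
    return {host: sensor_status(walks[host], process) for host in sorted(walks)}

if __name__ == "__main__":
    for host, state in report(SAMPLE_WALKS).items():
        print(f"{host:10} {state}")
```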