Re: Snort Monitoring
From: Krzysztof Przepiorka (Krzysztof.Przepiorka@pro-futuro.com)
Date: Wed, 30 Oct 2002 08:48:24 +0100
To: "Scott M. Algatt" <email@example.com>
Scott M. Algatt wrote:
>Thanks for the responses!
>Let me start by better explaining my current setup and then list the
>different suggested packages. I wanted to just send a blanket statement
>because I should be able to customize my setup in order to accommodate the
>package of my dreams :)
>Anyways, I am already running ACID. We have about 80+ sensors running and
>they all report to our centralized ACID database using an stunnel'd
>connection. This is the best thing since sliced bread as far as I am
>concerned. We are able to view lots of traffic and what not. The only
>problem is that with 80+ sensors there is no way to tell if a sensor is
>not sending me information. I was only looking for something to
>accomplish the piece of notification of online/offline status. After all
>of the responses my brain began to spiral out of control from the
>possibilities of all the different software out there. There are about
>five pieces of software that were suggested.
>StillSecure Border Guard
>I am currently toying with snortcenter for a number of reasons, free,
>integrates with ACID, and I think it fits the bill.
>Again thanks to everyone!
>Scott M. Algatt
>Behold the turtle. He makes progress only when he sticks his neck out.
If you only want to monitor if the snort daemon is up/down you can always
use a net-snmp (ucd-snmp) agent to monitor if the processes are running
or not; if not, a trap will be sent to a management console (i.e. based
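
The process check suggested above, seen from the management side, as an added example that is not part of the original message: it classifies each sensor from `snmpwalk` output of the UCD-SNMP-MIB process table, including the case where a sensor's agent does not answer at all. It assumes each sensor's snmpd.conf contains a `proc snort` line; the host names and the sample output are constructed.

```python
import re

# Constructed sample: snmpwalk output of UCD-SNMP-MIB::prTable from three
# hypothetical sensors whose snmpd.conf is assumed to contain "proc snort".
SAMPLE = {
    "sensor01": """\
UCD-SNMP-MIB::prNames.1 = STRING: snort
UCD-SNMP-MIB::prCount.1 = INTEGER: 1
UCD-SNMP-MIB::prErrorFlag.1 = INTEGER: noError(0)
""",
    "sensor02": """\
UCD-SNMP-MIB::prNames.1 = STRING: snort
UCD-SNMP-MIB::prCount.1 = INTEGER: 0
UCD-SNMP-MIB::prErrorFlag.1 = INTEGER: error(1)
UCD-SNMP-MIB::prErrMessage.1 = STRING: No snort process running
""",
    # The agent itself is unreachable: no prTable rows come back.
    "sensor03": "Timeout: No Response from sensor03\n",
}

ROW = re.compile(r"::(pr\w+)\.(\d+) = \w+: ?(.*)$")

def parse_prtable(text):
    """Return {row index: {column: value}} for each prTable row found."""
    rows = {}
    for line in text.splitlines():
        m = ROW.search(line)
        if m:
            col, idx, val = m.groups()
            rows.setdefault(int(idx), {})[col] = val.strip()
    return rows

def snort_status(text, name="snort"):
    """'up', 'down', or 'unknown' (agent silent or process not monitored)."""
    for row in parse_prtable(text).values():
        if row.get("prNames") != name:
            continue
        flag = row.get("prErrorFlag", "")
        # The flag prints as "error(1)" or a bare "1" depending on output options.
        if flag in ("error(1)", "1") or row.get("prCount") == "0":
            return "down"
        if flag in ("noError(0)", "0"):
            return "up"
    return "unknown"

def report(outputs):
    """Map every sensor to its status; 'unknown' needs attention like 'down'."""
    return {host: snort_status(text) for host, text in sorted(outputs.items())}

if __name__ == "__main__":
    for host, state in report(SAMPLE).items():
        print(f"{host}: snort {state}")
```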