Re: Snort Monitoring

From: Jérôme Tytgat (jtytgat@websurg.com)
Date: 10/30/02 

From: Jérôme Tytgat <jtytgat@websurg.com>
To: "Chris Fairbourne" <chris@camsystems.com>, "'Scott M. Algatt'" <salgatt@turtleshell.net>
Date: Wed, 30 Oct 2002 10:22:25 +0100

or ps-watcher which work with regex
----- Original Message -----
From: "Chris Fairbourne" <chris@camsystems.com>
To: "'Scott M. Algatt'" <salgatt@turtleshell.net>
Cc: <focus-ids@securityfocus.com>
Sent: Tuesday, October 29, 2002 1:59 AM
Subject: RE: Snort Monitoring

> > I am looking for something that will provide monitoring of snort for me.
> > I have several remote installs of Snort 1.9 and need to find a way to
> > monitor them to make sure they are operational.
>
>
> DJ Bernstein's daemontools (supervise/svcscan) can monitor & restart yer
> Snort daemon for ya.
> http://cr.yp.to/daemontools/svscan.html
> Perhaps a bit more elegant than something homebrew anyway.
>
>
> Regards,
> chris
>

Relevant Pages

  • Re: Intrusion Detection Evaluation Datasets
    ... more similar to "normal" Snort rules. ... The lowest level, Triggers, are combined into Actions, which are in turn ... This means that you can monitor for SQL injection ... This means that an Action detecting an ...
    (Focus-IDS)
  • Re: Snort 101- Help
    ... configure your HOME_NET to monitor ... page 8 in SNORT documentation, ... I am not sure if Tomcat in front of Apache will interfere ... HTTP_PORT would be your port 8009, ...
    (comp.security.firewalls)
  • RES: snort- problems
    ... snort is monitoring only the ... It is important to gather some other information about your network, ... assign the "monitor port" to snort. ...
    (Focus-IDS)
  • Re: Snort Monitoring
    ... You can use SnortCenter to monitor if your remote Snort sensors are running. ...
    (Focus-IDS)