Re: [Snort-users] snort and tools overview

--On 20 August 2004 12:10 +0200 Thomas Zauner
<Thomas_Zauner@bayern-mail.de> wrote:

>
> updated snort-tools-diagram today
>
>
> http://62.245.250.125/snort.png

mudpit <http://fidelissecurity.com/techtalk/mudpit.asp> and FLoP
<http://www.geschke-online.de/FLoP/> are alternatives to barnyard with
different advantages and disadvantages. I've been using mudpit until now,
but plan to use FLoP in my next deployment. FLoP can log entire sessions
with the corresponding alert(s) in the SQL database for later extraction
(requires a modified schema and a tool included in the FLoP distribution).

Snortcenter2 can be found at
<http://sourceforge.net/projects/snortcenter2/>. I recommend using the
snortcenter-console-patch branch of the CVS tree for 2.0.6 and newer
versions of Snort. Attempting to use older versions of snortcenter will
result in damaged rules.

OSSIM <http://www.ossim.net> integrates alerts from Snort with those from
other tools including p0f and ntop and probably deserves a mention. The
OSSIM snort src.rpm includes an updated version of the SPADE patch which
appears to work with Snort 2.2.0.

HTH,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9




-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users