Chapter 5. Administrative Tools
Introduction
Your IDS is installed and configured, and it is happily generating logs and alerts, so now what do you do? One of the biggest issues with managing an IDS implementation is handling the potentially large number of alerts and logs. If your IDS is configured on a public network that receives a lot of traffic, you could see thousands of alerts a day, from script-kiddie scans to worms and other exploits. There are several Snort add-on tools that help you correlate and analyze Snort output data. You can find anything from full-fledged alert-management systems with web frontends to simple purpose-built scripts. This chapter explores some of the most popular tools for administering your Snort implementation: IDScenter, SnortCenter, ACID, SWATCH, Snortsnarf, Barnyard, IDS Policy Manager, HenWen, and Webmin. Some of the functionality of these tools overlaps; however, each has its own benefits and function. The good thing is that you can experiment with all of them to see which ones best suit your needs, because they are all free!
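To make the "thousands of alerts a day" problem concrete, here is an added example (not code from the book or from any of the tools it lists) of the kind of purpose-built script mentioned above: it parses Snort's single-line "fast" alert format and summarizes alerts by signature, source address, and priority, which is the first thing an analyst wants before opening anything in a web frontend. The sample alert lines are constructed for this example, with documentation-range addresses; the regular expression assumes the classic alert_fast layout in which the Classification field is optional and ICMP alerts carry no port numbers.

```python
import re
from collections import Counter

# Matches one Snort alert_fast line. Assumptions: the classic single-line
# layout, an optional [Classification: ...] field, and ports that are
# absent for protocols such as ICMP.
FAST_ALERT_RE = re.compile(
    r'^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+'
    r'\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+'
    r'(?P<msg>.+?)\s+\[\*\*\]\s+'
    r'(?:\[Classification:\s+(?P<classification>[^\]]+)\]\s+)?'
    r'\[Priority:\s+(?P<prio>\d+)\]\s+'
    r'\{(?P<proto>\w+)\}\s+'
    r'(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+'
    r'(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$'
)

# Constructed sample alert log (not real sensor output). The last line is
# deliberately malformed so the summary shows how unparsed input is counted.
SAMPLE_ALERTS = """\
01/12-10:04:01.123456  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 192.0.2.10:1434 -> 198.51.100.5:1434
01/12-10:04:02.223456  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 192.0.2.10:1434 -> 198.51.100.6:1434
01/12-10:04:05.000001  [**] [1:1000001:1] LOCAL Inbound SSH scan [**] [Priority: 3] {TCP} 203.0.113.7:41022 -> 198.51.100.5:22
01/12-10:04:05.000002  [**] [1:1000001:1] LOCAL Inbound SSH scan [**] [Priority: 3] {TCP} 203.0.113.7:41023 -> 198.51.100.6:22
01/12-10:04:09.500000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 198.51.100.5
this line is not an alert and must be counted as unparsed
"""


def parse_alert(line):
    """Return a dict of fields for one fast-format alert line, or None."""
    m = FAST_ALERT_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def summarize(lines):
    """Aggregate alert lines by signature message, source IP and priority.

    Returns counters plus parsed/unparsed totals so that malformed or
    truncated lines are visible rather than silently dropped.
    """
    by_sig, by_src, by_prio = Counter(), Counter(), Counter()
    parsed = unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        alert = parse_alert(line)
        if alert is None:
            unparsed += 1
            continue
        parsed += 1
        by_sig[alert["msg"]] += 1
        by_src[alert["src"]] += 1
        by_prio[int(alert["prio"])] += 1
    return {"parsed": parsed, "unparsed": unparsed,
            "by_sig": by_sig, "by_src": by_src, "by_prio": by_prio}


def format_report(summary, top_n=5):
    """Render the summary as a short text report for a shift handover."""
    out = [f"alerts parsed: {summary['parsed']}  unparsed: {summary['unparsed']}"]
    out.append("top signatures:")
    for msg, n in summary["by_sig"].most_common(top_n):
        out.append(f"  {n:6d}  {msg}")
    out.append("top sources:")
    for src, n in summary["by_src"].most_common(top_n):
        out.append(f"  {n:6d}  {src}")
    out.append("by priority: " + ", ".join(
        f"{p}={n}" for p, n in sorted(summary["by_prio"].items())))
    return "\n".join(out)


if __name__ == "__main__":
    # Real use: summarize(open("/var/log/snort/alert")) on a sensor that
    # writes alert_fast output.
    print(format_report(summarize(SAMPLE_ALERTS.splitlines())))
```

Grouping by source first is deliberate: on a busy public segment a handful of scanning hosts typically account for most of the day's volume, and seeing that before looking at individual signatures keeps a worm outbreak from being buried under port-scan noise.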
5.1. Managing Snort Sensors
Problem
You need an easy-to-use GUI management console to manage your Snort sensors.
Solution
Use SnortCenter or IDS Policy Manager to manage your distributed Snort sensors remotely.
Use IDScenter to manage a Windows Snort sensor locally.
Discussion
Managing numerous Snort sensors in a distributed environment via the command line and editing configuration files can sometimes be a tedious ...