Tip of the Trade: Simplifying Snort
Snort has truly grown up. Its fans watched it grow from a fairly simple, lightweight yet effective intrusion detector into a full-blown intrusion detector and preventer. Snort now runs on Windows and Mac OS X as well as Linux and Unix.
As Snort has increased its capabilities, it has grown in complexity. Keeping an eye on what it's doing is a Spock-like endeavor. For those with neither futuristic brains nor pointy ears, the next best thing is Basic Analysis and Security Engine (BASE). BASE provides a Web-based window into what Snort is doing on your network.
BASE requires Snort, MySQL, an HTTP server, PHP, PCRE (i.e., the Perl Compatible Regular Expressions Library), libpcap, and the ADOdb Library for PHP. Barnyard and Oinkmaster are great optional tools that will help simplify the management of logfiles and rulesets.