Categories

Graphing snort.stats with gnuplot

So we have been trying to create some visual graphs for all of our Snort instances so we can easily tell when traffic/processor/alert spikes are occurring. This led us to the very useful snort.stats file. However, if you are compiling Snort (or using someone else's packages) you need to ensure that it was compiled/configured with [...]

Snort IP Blacklisting Version 2 Patch and Unified Output

After playing around with Mr. Roesch’s IP blacklisting patch for Snort, we had noticed that the output wasn’t going to help us as much as we wanted. The problem we were facing was that we use unified output from Snort which is later processed by Barnyard before being placed into the alerts database. When Snort [...]