Survey of Log Analysis Tools for Snort
Source: Unix Review - Posted by Pete O'Hara   
Snort is a lightweight network intrusion detection system capable of logging every possible trace of intrusion attempts into a text file, syslog, XML, libpcap format, or a database. This article introduces current tools that can help systems administrators analyze different log formats generated by Snort. This is not a complete analysis of all possible tools available for Snort. Because Snort is a robust freeware program, new tools are continuously developed and updated by users from around the globe. More tools are available for similar purposes but are not specifically designed or written for Snort.

The Snort tools covered fall into three different categories of output formats: text-based, libpcap-based, and database. The installation methods and functions will be briefly described for each tool in its own section. This article is written with Snort-1.8 beta 5 build 19. The version of tools used in this article will be noted in later sections.
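As an added illustration of the simplest of the three categories, a text-based analyzer, here is a small parser and summarizer for Snort's single-line "fast" alert format (`snort -A fast`). This is example code written for this page, not a tool from the article; the sample alert lines are constructed and the signature ids in them are placeholders.

```python
import re
from collections import Counter

# One line of Snort's "fast" alert format: timestamp, [gid:sid:rev], message,
# optional classification, priority, protocol, and source -> destination.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def parse_fast_alert(line):
    """Return a dict of fields for one fast-format line, or None if it does not match."""
    m = FAST_ALERT_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["prio"] = int(rec["prio"])
    # TCP/UDP endpoints carry "host:port"; ICMP endpoints carry only the host.
    for key in ("src", "dst"):
        host, sep, port = rec[key].rpartition(":")
        rec[key + "_host"] = host if sep else rec[key]
        rec[key + "_port"] = int(port) if sep else None
    return rec

def summarize(lines):
    """Count alerts per signature and per source host; unparseable lines are counted, not dropped silently."""
    by_sig, by_src, skipped = Counter(), Counter(), 0
    for line in lines:
        rec = parse_fast_alert(line)
        if rec is None:
            skipped += 1
            continue
        by_sig[(rec["sid"], rec["msg"])] += 1
        by_src[rec["src_host"]] += 1
    return by_sig, by_src, skipped

# Constructed sample alerts (placeholder sids, private addresses; not from a real sensor).
SAMPLE = """\
01/24-12:34:56.789012  [**] [1:1000001:1] ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10
01/24-12:35:01.000123  [**] [1:1000002:2] WEB-MISC suspicious request [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:4321 -> 192.168.1.10:80
01/24-12:35:02.000456  [**] [1:1000002:2] WEB-MISC suspicious request [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.7:5555 -> 192.168.1.10:80
this line is not an alert
""".splitlines()

if __name__ == "__main__":
    sigs, srcs, skipped = summarize(SAMPLE)
    for (sid, msg), n in sigs.most_common():
        print(f"{n:4d}  sid {sid}  {msg}")
    print("top sources:", srcs.most_common(3), "| unparsed lines:", skipped)
```

On a real deployment the same functions would be fed the sensor's alert file line by line; the parse-failure count is worth watching, since a rising value usually means the alert format or Snort version changed under the tool.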

Read this full article at Unix Review
