Problem
You need an easy-to-use GUI management console to manage your Snort sensors.
Solution
Use SnortCenter or IDS Policy Manager to manage your distributed Snort sensors remotely.
Use IDScenter to manage a Windows Snort sensor locally.
Discussion
Managing numerous Snort sensors in a distributed environment via the command line and editing configuration files can sometimes be a tedious task. Fortunately, there are several GUI methods you can use to manage your Snort sensors efficiently.
SnortCenter manages remote sensors in a web-based client-server method. It is written in PHP and Perl. Both the management console and sensor agents can be installed on Unix and Windows. The management console allows you to build configuration files and then send them to the remote sensors. SnortCenter has several useful features, including: encryption of client-server traffic, authentication, the ability to push new configurations, and the ability to update and import new Snort signatures automatically.
IDS Policy Manger is also used to manage remote sensors in a distributed Snort environment. It is written in Visual Basic and runs on Windows NT, 2000, and XP. IDS Policy Manager is a graphical interface that allows you to manage rules and configuration files on remote Snort sensors. It can be used to manage both Unix and Windows sensors by using standard protocols. IDS Policy Manager has several useful features, including: the ability to merge new rules into existing rule files, the ability to update rules via the Web, and the ability to securely upload and download configuration changes via secure copy (scp).
IDScenter can be used to manage Windows Snort sensors locally via a graphical user interface. IDScenter provides full configuration and management of the Snort sensor, and includes many feature enhancements, such as configuration wizards, alert file monitoring, log rotation, integrated log viewer, and automatic program execution upon attack detection. However, since IDScenter runs only on the local sensor, it cannot be used to manage multiple remote sensors in a distributed environment.
See Also
Recipe 5.2
Recipe 5.3
Recipe 5.10
http://www.engagesecurity.com/products/idscenter/
http://users.pandora.be/larc/index.html
http://www.activeworx.org/programs/idspm/index.htm
Installing and Configuring IDScenter |
Installing Snort from Source on Unix
Logging to a File Quickly
How to Build Rules
Detecting Stateless Attacks and Stream Reassembly
Managing Snort Sensors
Generating Statistical Output from Snort Logs
Monitoring Network Performance
Index