Problem
You want your Snortsnarf web pages to update automatically.
Solution
Move the Snortsnarf files to the appropriate location within your PATH as follows:
[root@localhost root]# cp /root/SnortSnarf-021111.1/include/* /usr/lib/perl5/site_perl/5.8.0 [root@localhost root]# cp /root/SnortSnarf-021111.1/include/ SnortSnarf/* /usr/lib/perl5/site_perl/5.8.0 [root@localhost root]# cp /root/SnortSnarf-021111.1/snortsnarf.pl /etc
Edit the crontab by using the following command:
[root@localhost root]# crontab -e
Add the following entry to run Snortsnarf every 10 minutes and refresh the browser every 5 minutes:
*/10 * * * * /etc/snortsnarf.pl -d /var/log/www/snortsnarf -refresh=300 /var/log/snort/alert
Discussion
It can be a tedious task to run the Snortsnarf command manually each time you want to look at your data. Creating the Snortsnarf cron job entry is an easy way to have Snortsnarf executed on a regular basis and have the browser refresh automatically, too. This way, you could have the browser open in your network operations center and be quickly alerted to new events.
See Also
Recipe 5.4
Cron manpage
Installing and Configuring ACID |
Installing Snort from Source on Unix
Logging to a File Quickly
How to Build Rules
Detecting Stateless Attacks and Stream Reassembly
Managing Snort Sensors
Generating Statistical Output from Snort Logs
Monitoring Network Performance
Index