Running Snortsnarf Automatically

Problem

You want your Snortsnarf web pages to update automatically.

Solution

Copy the Snortsnarf Perl modules into your Perl library directory and the snortsnarf.pl script into /etc, as follows:

[root@localhost root]# cp /root/SnortSnarf-021111.1/include/* /usr/lib/perl5/site_perl/5.8.0

[root@localhost root]# cp /root/SnortSnarf-021111.1/include/SnortSnarf/* /usr/lib/perl5/site_perl/5.8.0

[root@localhost root]# cp /root/SnortSnarf-021111.1/snortsnarf.pl /etc

Edit the crontab by using the following command:

[root@localhost root]# crontab -e

Add the following entry to run Snortsnarf every 10 minutes and refresh the browser every 5 minutes:

*/10 * * * * /etc/snortsnarf.pl -d /var/log/www/snortsnarf -refresh=300 /var/log/snort/alert

Discussion

It can be a tedious task to run the Snortsnarf command manually each time you want to look at your data. Creating the Snortsnarf cron job entry is an easy way to have Snortsnarf executed on a regular basis and have the browser refresh automatically, too. This way, you could have the browser open in your network operations center and be quickly alerted to new events.
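Cron starts the entry from the Solution every 10 minutes whether or not the previous run has finished. The wrapper below is an added example, not part of the original recipe: it uses the recipe's paths as defaults, while the lock directory, the variable names and the `--run` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: cron wrapper around the recipe's snortsnarf.pl invocation.
# Defaults are the recipe's paths; LOCKDIR and the variable names are
# assumptions of this example and can be overridden from the environment.
SNORTSNARF="${SNORTSNARF:-/etc/snortsnarf.pl}"
OUTDIR="${OUTDIR:-/var/log/www/snortsnarf}"
ALERT="${ALERT:-/var/log/snort/alert}"
REFRESH="${REFRESH:-300}"
LOCKDIR="${LOCKDIR:-/var/run/snortsnarf.lock}"

run_snortsnarf() {
    # Nothing to render if Snort has not written a readable alert file.
    if [ ! -r "$ALERT" ]; then
        echo "snortsnarf-cron: cannot read $ALERT" >&2
        return 2
    fi
    # mkdir is atomic: if the directory already exists, the previous
    # 10-minute run is still active, so skip this one instead of overlapping.
    # A run that is killed leaves the directory behind; remove it by hand.
    if ! mkdir "$LOCKDIR" 2>/dev/null; then
        echo "snortsnarf-cron: previous run still active, skipping" >&2
        return 3
    fi
    # Same arguments as the crontab entry in the recipe.
    "$SNORTSNARF" -d "$OUTDIR" -refresh="$REFRESH" "$ALERT"
    status=$?
    rmdir "$LOCKDIR"
    return "$status"
}

# Cron calls the script with --run, for example:
#   */10 * * * * /path/to/this-script --run
if [ "${1:-}" = "--run" ]; then
    run_snortsnarf
    exit $?
fi
```

Because the messages go to standard error, cron mails them to the crontab owner, so a skipped run or an unreadable alert file is reported instead of leaving stale pages on the display.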

See Also

Recipe 5.4

Cron manpage


Snort Cookbook
ISBN: 0596007914
EAN: 2147483647
Year: 2006
Pages: 167
