Fast Logging Project for Snort
Details
| Size: | 748K |
| Last Update: | 2008-06-04 22:23:39 |
| Version: | 1.6.0 |
| OS Support: | Linux |
| License/Program Type: | GPL (GNU General Public License) |
| Publisher: | DG |
| Price: | $0.00 |
Description:
Fast Logging Project for Snort 1.6.0 is networking software developed by DG.
Fast Logging Project for Snort is designed to gather alerts with payload from distributed snort sensors on a central server and to store them in a database (MySQL and PostgreSQL are supported).
On the sensor, the output is written to a process called sockserv. This process is threaded; one thread receives and buffers the alert packets, and the other thread forwards them to a central server.
The output is decoupled from snort, which can continue sniffing instead of waiting for the output plugins. At the central server, a process called servsock gathers all alerts from the remote sensors and feeds them to the database.
A short description of alerts with high priority together with the database ID can be sent via email to a list of recipients.
Here are some key features of "Fast Logging Project for Snort":
Decoupling of the output from snort. Snort can work on new packets instead of processing the output.
Buffering of alerts on the sensor. This is useful if the network link to the central server is down or the servsock process on the central server is not running (for example, while it is being restarted after an upgrade).
Buffering of alerts on the central server. It is not uncommon for the database (especially MySQL) to hang under a high input rate, or for the input rate to exceed what the database is able to store.
Fast writing to the database via a Unix domain socket.
E-Mail alerting on high priority alerts.
Drop feature for the worst case. At least the basic alert information is still available, either via E-Mail or on stdout/syslog.
Since version 1.0.6, alerts that would otherwise be dropped on the central server when servsock exits are written to a swap file, so this data is still available.
Alerts that have to be dropped because the high water mark was reached are not written to the swap file.
What's New in This Release:
Several checks were added, the alert data from Snort is now tagged, and a restart of Snort is now detected.
getpacket now has base64 support.
The statistics are now generated via the control thread so some signals are no longer necessary.
The exit handler was rewritten and a cache for signatures was added.
This cache can accelerate the insert rate by up to a factor of two and is implemented as a red-black tree.
During runtime, the only SELECT statement is for the signature ID, and all other operations are INSERT statements.
The idea is to cache all signatures that caused an alert.
Fast Logging Project for Snort 1.6.0 supports different languages (including English). It works with Linux.