Posted by: Eric Hansen
Typical Snort installs have you installing BASE for a graphical front-end to view packet information. While the UI is fluid, it’s also very outdated. It has the coding standards of 1995-2000, with limited functionality in it (just enough to get what you want and get out).
As such, there have been advances in making Snort logs easier to view. One of those is Snorby (www.snorby.org). It’s based on Ruby on Rails and has a pretty slick interface that brings Web 2.0 to Snort. But how good is it, really?
Personally I can’t stand any RoR projects. They’re about as resource intensive as Java programs and have about the same performance. It’s great if you have a 32-CPU and 192GB RAM server, but if you’re trying to operate it on a VPS, you’ll need a pretty high-end VPS just to give it enough RAM (Xen VPS might be better suited).
The UI is nice but it feels a bit clunky in that it tries to present too much to you at once. Otherwise, the color scheme is nice, but the navigation feels like everything is just clumped up together.