I.T. Security and Linux Administration

Dec 31 2012   3:28PM GMT

Review: Snort GUI – Snorby

Eric Hansen

Typical Snort installs have you installing BASE for a graphical front-end to view packet information. While the UI is fluid, it’s also very outdated. It has the coding standards of 1995-2000, with limited functionality in it (just enough to get what you want and get out).

As such, there have been advances in making Snort logs easier to view. One of those is Snorby (www.snorby.org). It’s based on Ruby on Rails and has a pretty slick interface that brings Web 2.0 to Snort. But how good is it, really?

Personally I can’t stand any RoR projects. They’re about as resource intensive as Java programs and have about the same performance. It’s great if you have a 32-CPU and 192GB RAM server, but if you’re trying to operate it on a VPS, you’ll need a pretty high-end VPS just to give it enough RAM (Xen VPS might be better suited).

The UI is nice but it feels a bit clunky in that it tries to present too much to you at once. Otherwise, the color scheme is nice, but the navigation feels like everything is just clumped up together.
