• Not forced to delete alerts; uses filtering which can be overridden
• Easy installation; one small config file
• Simple task-oriented views
• Support regular users and administrator(s); users can manage their own passwords
• Adjustable security parameters
• Provides packet information and data view
• DNS resolution option
It's a good idea to occasionally review and combine filters. For example, if you've been clearing alerts daily, it can become difficult to see what's filtered because of all the lines on the filter criteria page. Use the date range to set a new single filter, and remove the single-day filters. Remember that all actions are recorded in the log, so there should be no fear of losing the audit trail.
A good way to clean up old alerts is to keep all your signature and IP-based filters intact, and create a new filter covering all alerts in a given timeframe. Then, from the filter criteria page, delete the alerts matched by this new date-based filter, and finally delete the filter itself.
SNEZ celebrated his?her?its? 1,000th download today! Thanks for downloading and using SNEZ, reporting bugs, and asking for enhancements.
To keep performance optimal, it's a good idea to occasionally stop Snort and Barnyard and run mysqlcheck on both databases, e.g.
mysqlcheck --databases snort -vaop
mysqlcheck --databases SNEZ -vaop
README.ssl has a typo in the instructions for creating a self-signed certificate. The instruction step that says 'chmod 600 selfsigned_digi.crt' should say
'chmod 600 selfsigned_digicert.crt'. Also, the key length specified in the first openssl command uses 1024 as an example, but you should use a stronger one such as 2048 if available.
SNEZ has been downloaded over 2,000 times. Thank you for reporting bugs, and recommending enhancements!
SNEZ now works on Ubuntu! Well, it always did, but you had to modify the install scripts, change file owners, and adjust a few features. Now SNEZ 1.11 alpha provides the option to install on CentOS 6.x or Ubuntu 14.04 LTS.
About SNEZ Bleeding Edge
For those wanting the latest features, the 'bleeding edge' folder contains the latest tar file in an alpha or beta release, and matches source code in the git repository. So if you don't mind risking a bloody snout, you can get the latest development features. When reporting problems, please first download and test the latest tar file from the bleeding edge folder.
To downgrade from a bleeding edge version, just run SNEZinstall from a prior version.
Thanks for testing the latest SNEZ functions!
SNEZ 1.11 was just released, providing install scripts and features tested on Ubuntu 14.04 LTS. So now you have the option to install on CentOS or Ubuntu.
Experimental installation scripts and code changes are available for SNEZ on SUSE. Email email@example.com for details.
Security Update Released
SNEZ-1.11.1 has been released and fixes a security flaw. All users should uninstall/install or upgrade*. This update also fixes errors in the display of rule documentation.
(* The fix requires making your settings in SNEZconfig.php in the /opt/SNEZ/SNEZ-1.11.1 directory, and running SNEZconfiginstall after SNEZinstall, step 8 in the README.)
For those unable to upgrade to SNEZ 1.11.1 at this time, a hotfix, HF20141102, is available in the Hotfix folder and can be applied to all prior versions. A README with installation instructions is provided. It is strongly recommended that the hotfix be applied.
SNEZ 1.9 and 1.10 are no longer downloadable. Fixes will continue to be applied to SNEZ 1.11.
An update was made to the prior wiki entry to better explain the (highly) recommended security fix provided by SNEZ 1.11.1.
SNEZ is Snort++ (aka Snort 3.0) ready. SNEZ 1.11.2 was released today as a maintenance release to address some bugs and a security issue, and it was also tested against the alpha version of Snort 3.0. In addition, SNEZ now contains install scripts for CentOS, Ubuntu, and openSUSE.