From: Peter B. <p....@go...> - 2010-02-03 14:09:57
Hello all...

--On 03 February 2010 08:27 -0500 Rich Rumble <ric...@gm...> wrote:

> I'm curious if PacketFence is going to or looking to support the new
> IDS engine Suricata?
> http://www.openinfosecfoundation.org/index.php/download-suricata It
> logs to the same facilities as Snort currently, but built-in support
> for MySQL isn't there, one has to use Barnyard2 or similar to get the
> Unified1/2 logs into a database. I think there is also a plain-text
> log but I'm not sure if it contains all the data necessary.

Interesting project - visiting the website throws the following error in their Twitter feed:

Warning: /usr/local/psa/home/vhosts/openinfosecfoundation.org/httpdocs/cache/322a447e94ada39d27e768f582809fe8.spc is not writeable in /usr/local/psa/home/vhosts/openinfosecfoundation.org/httpdocs/libraries/simplepie/simplepie.php on line 1623

- which doesn't exactly impress for a security project! ;)

There are other projects out there like Bro - it's interesting to see a bit of competition for Snort - the documentation on the Suricata website is a bit on the vague side though - is it compatible with Snort rule syntax and a 'drop in' replacement?

--
Peter Bates, Network Support & Development Officer
Goldsmiths, University of London
New Cross, London SE14 6NW.
Telephone: 020 7919 7082