Hi JPZ,

You can definitely save some time on your Snorby installation by using
Security Onion.  Using our ISO image, you can have Snorby up and
running in about 10 minutes.  We now have a Snorby 2.5.4 package in
our stable repo so you can then just do an "apt-get dist-upgrade" and
get the latest version of Snorby quickly and easily.

If you end up trying Security Onion, I'd also recommend you try our
ELSA implementation.  Out of the box, it monitors the OSSEC
archives.log and you can also configure it to store OSSEC alerts.

Hope that helps!

Thanks,
Doug

On Mon, Jan 28, 2013 at 7:21 AM, JPZ <jp.zurbr...@gmail.com> wrote:
> thefergus, thank you very much for your detailed email, I agree completely
> on the Snorby dependencies; it took me two tries (1 week each) to get that
> thing working on a LAB environment without forcing its Ruby dependencies (I
> used RVM)... I will keep your warnings regarding performance issues in mind
> while I keep trying to make Snorby work as I have dedicated way too much
> time on it, I even took a small crash course on Perl this weekend to try and
> update the ossec2mysql.pl script originally made for BASE.
>
> In case anyone else is following this, Dan's note on Barnyard2's support for
> prelude output would fix my issues with the current Snort upgrade to =>2.9.3
> but as I said, I'd really like to get Snorby up and running. If and when I
> do, I will post back with details on what I did and how everything is moving
> along.
>
> Our network isn't big, around 350 desktops and Snort handles around 10k
> active sessions throughout the day, at most. OSSEC currently monitors 27
> hosts.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group, send email to
> ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>



-- 
Doug Burks
http://securityonion.blogspot.com
