Snorby is a new and modern Snort IDS front-end. The fundamental concepts behind Snorby are simplicity and power. The project goal is to create a free, open source and highly competitive application for network monitoring for both private and enterprise use. Snorby is currently stable and ready for production environments.
This fork of Snorby includes integration with Solera Networks’ Network Forensics Appliances and Software.
Get Snorby:
git clone git@github.com:fracBlend/Snorby.git
Snorby Database Configuration:
You will need to edit and rename /config/database.yml.example to /config/database.yml
Example Database Config: (spacing is important to .yml files and it will error if changed)
production:
  adapter: mysql
  database: name_of_snort_database_here
  username: my_user
  password: my_password
  host: localhost
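A pre-flight check for the edited database.yml, added here as an example and not part of Snorby itself: it reports YAML spacing errors, a production section whose keys lost their indentation, and values left at the README's example placeholders. The function name, the required-key list (taken from the example config above) and the sample inputs are assumptions made for this illustration.

```ruby
require "yaml"

# Keys and placeholder values taken from the README's example database.yml.
REQUIRED_KEYS = %w[adapter database username password host].freeze
PLACEHOLDERS  = %w[name_of_snort_database_here my_user my_password].freeze

# Returns a list of problems found in the text of a database.yml.
def check_database_yml(text, env = "production")
  begin
    config = YAML.safe_load(text)
  rescue Psych::SyntaxError => e
    return ["YAML syntax error (check spacing): #{e.message}"]
  end
  section = config.is_a?(Hash) ? config[env] : nil
  # Keys that lost their indentation end up beside `production`, not under it.
  return ["'#{env}' has no nested keys (check indentation)"] unless section.is_a?(Hash)

  REQUIRED_KEYS.each_with_object([]) do |key, problems|
    value = section[key].to_s
    if value.empty?
      problems << "#{env}.#{key} is missing or empty"
    elsif PLACEHOLDERS.include?(value)
      problems << "#{env}.#{key} still has the example value '#{value}'"
    end
  end
end

# Constructed sample inputs (no real credentials).
README_EXAMPLE = <<~YAML
  production:
    adapter: mysql
    database: name_of_snort_database_here
    username: my_user
    password: my_password
    host: localhost
YAML
EDITED_SAMPLE = README_EXAMPLE
  .sub("name_of_snort_database_here", "snort")
  .sub("my_user", "snorby_app")
  .sub("my_password", "constructed-sample-value")
# Same keys with the nesting removed, as happens when spacing is changed.
FLAT_SAMPLE = EDITED_SAMPLE.gsub(/^ +/, "")

if __FILE__ == $PROGRAM_NAME
  { "example" => README_EXAMPLE, "edited" => EDITED_SAMPLE, "flat" => FLAT_SAMPLE }
    .each { |name, text| puts "#{name}: #{check_database_yml(text).inspect}" }
end
```

To check a real file, pass its contents: check_database_yml(File.read("config/database.yml")).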
Snorby Email Configuration:
You will need to edit and rename /config/email.yml.example to /config/email.yml
Example Email Config: (spacing is important in .yml files and it will error if changed)
production:
  :address: smtp.gmail.com
  :port: 25
  :authentication: plain
  :user_name: user
  :password: pass
For a relay setup, simply use:
production:
  :address: smtp.gmail.com
  :domain: localhost
If this is your first time installing Snorby, set up the Snorby database and cron jobs with:
rake snorby:setup RAILS_ENV=production
Update:
rake snorby:update RAILS_ENV=production
Reset:
rake snorby:reset RAILS_ENV=production # ALL DATA WILL BE LOST
Gems
Snorby is packaged with the needed gems; however, you may need to install the following in some cases:
sudo gem install mysql
sudo gem install prawn
Setup Snorby With Apache:
wiki.github.com/mephux/Snorby/snorby-recipe-with-barnyard2-unified2-and-apache-jjc
Start Snorby:
ruby script/server -e production -b 127.0.0.1 -p 80 -d
-b = bind address [Default: loopback]
-p = port number [Default: 3000]
-e = environment
-d = Run server as daemon
MAKE SURE IT IS RUN IN PRODUCTION MODE ONLY! SPEED!!!
-e production
The default User Name and Password for Snorby:
User: snorby
Password: admin
PLEASE MAKE SURE YOU CHANGE THIS!
- Link for dashboard graphs
- Session view for events
- Tune events
- Better XML Support
- Official Website: www.snorby.org
- Snort Official Website: www.snort.org
- Snort User Group: groups.google.com/group/snorby
- IRC: #snorby - irc.freenode.net
Before contacting me directly, please read:
If you find a bug or a problem, please post it on the Snorby issues page. If you need help with something, please use Google Groups. I check both regularly and get emails when anything happens, so that is the best place to get help. This also benefits other people in the future with the same questions / problems. Thank you.
Copyright © 2009 Dustin Willis Webber [www.Snorby.org], released under the GPL license