BASE, the Basic Analysis and Security Engine, is the standard-bearer of Web-based consoles. Web-based consoles are known for sluggishness, and BASE does not scale well to the enterprise level. BASE can slow down Snort on Knoppix-NSM, because Snort then has to log both for BASE and in "unified" format for Barnyard. BASE is great for demonstration or educational purposes, but be aware of the cost to performance. You'll also find less pertinent information available in the console than you would with Sguil.
Still, Web-based consoles are convenient, and it never hurts to put a different perspective on events.
Ntop, or network top, which is also browser-based, illustrates network usage and status from a variety of perspectives. A standalone application that works separately from all Snort-related applications, ntop acts as the "statistician" for Knoppix-NSM. It allows you to sort/show network traffic according to many protocols/criteria, display and store traffic statistics, identify users and host OS, sort according to source/destination, and report IP protocol usage. It's worthy of a standalone installation, simply for the return on investment (much for nothing) and ease of use and installation.
[IMAGE] Ntop's wealth of network traffic data makes it invaluable as a Snort companion or standalone tool.