Discussion:
Best Distro for SNORT
Chris
2005-07-22 02:51:37 UTC
Greets Group,

I was wondering if anyone could point me in the right direction for choosing
the best Linux Distro to run SNORT on. My main intention is to log HTTP
access per my employer's request, but I also want to monitor abnormal
traffic behind the firewall. Also, I want to set up ACID so that I can
monitor the log from any machine on our network.

Thus far I have experimented with SUSE, Mandrake, Fedora, and Ubuntu, BUT I
have not run SNORT on any of the recent distros. In fact, I last ran SNORT
on an IBM token ring network several years back using Red Hat, so my SNORT
skills are pretty rusty.

The machine of choice to run SNORT will probably be an Athlon 1400 with 256
megabytes of RAM because I have loads of them up for replacement this year.

Any advice on your favorite distro is greatly appreciated!

Thanks,

Chris
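The first post asks for three things from one sensor: a record of HTTP access, a way to spot abnormal traffic behind the firewall, and a view of the log from other machines. ACID does the last part by reading alerts that Snort writes to a database, but the simplest thing to have on hand while bringing the box up is a file-based summary of Snort's `alert_fast` output. The script below is an added example, not code from this thread or from the Snort project; the rule in the comment, the SID 1000001, the log lines and the burst threshold are all constructed for illustration. The line layout it parses is the Snort 2 `alert_fast` format (timestamp, `[gid:sid:rev]`, message, optional classification and priority, protocol, source -> destination).

```python
"""Summarise Snort 2 alert_fast output for HTTP-access monitoring.

Assumed local rule (hypothetical, would live in local.rules):
  alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"LOCAL HTTP request";
      flow:to_server,established; content:"GET"; depth:3; sid:1000001; rev:1;)
With `output alert_fast: alert.ids` in snort.conf, every match lands as one line
in alert.ids; everything else Snort alerts on lands there too, which is what we
use to separate "HTTP access log" from "abnormal traffic".
"""
import re
from collections import Counter

HTTP_SID = 1000001  # assumption: SID of the local HTTP-logging rule above

# Snort 2 alert_fast line, e.g.
# 07/22-02:51:37.101010  [**] [1:1000001:1] LOCAL HTTP request [**] \
#   [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 192.168.1.10:3342 -> 203.0.113.5:80
ALERT_RE = re.compile(
    r'^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+'
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+'
    r'(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?'
    r'(?:\[Priority:\s*(?P<prio>\d+)\]\s+)?'
    r'\{(?P<proto>\w+)\}\s+'
    r'(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$'
)

# Constructed sample alert.ids content (not real traffic); the last line is
# deliberately malformed to show that unparsable input is counted, not dropped silently.
SAMPLE_ALERTS = """\
07/22-02:51:37.101010  [**] [1:1000001:1] LOCAL HTTP request [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 192.168.1.10:3342 -> 203.0.113.5:80
07/22-02:51:38.202020  [**] [1:1000001:1] LOCAL HTTP request [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 192.168.1.10:3343 -> 203.0.113.5:80
07/22-02:51:39.303030  [**] [1:1000001:1] LOCAL HTTP request [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 192.168.1.22:1025 -> 198.51.100.7:8080
07/22-02:52:01.404040  [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.168.1.77 -> 192.168.1.1
this line is not an alert and must be counted as unparsed
"""


def parse_alert(line):
    """Return a dict of fields for one alert_fast line, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for key in ('gid', 'sid', 'rev', 'prio', 'sport', 'dport'):
        d[key] = int(d[key]) if d[key] is not None else None  # ICMP lines carry no ports
    return d


def summarize(lines, http_sid=HTTP_SID):
    """Split alerts into the HTTP access log and everything else.

    Returns a dict with:
      http_by_src  - Counter of HTTP requests per internal source address
      http_by_dst  - Counter of HTTP requests per destination host:port
      other        - list of (ts, msg, src, dst) for non-HTTP alerts (the "abnormal" bucket)
      unparsed     - number of non-empty lines that did not match the alert_fast format
    """
    http_by_src, http_by_dst, other, unparsed = Counter(), Counter(), [], 0
    for line in lines:
        if not line.strip():
            continue
        a = parse_alert(line)
        if a is None:
            unparsed += 1
            continue
        if a['gid'] == 1 and a['sid'] == http_sid:
            http_by_src[a['src']] += 1
            http_by_dst['%s:%s' % (a['dst'], a['dport'])] += 1
        else:
            other.append((a['ts'], a['msg'], a['src'], a['dst']))
    return {'http_by_src': http_by_src, 'http_by_dst': http_by_dst,
            'other': other, 'unparsed': unparsed}


def noisy_sources(summary, threshold):
    """Sources with at least `threshold` HTTP requests in the window covered by the file.

    The threshold is an assumed tuning knob: pick it from a baseline of normal
    browsing on the segment, since a fixed number means nothing on its own.
    """
    return sorted(src for src, n in summary['http_by_src'].items() if n >= threshold)


if __name__ == '__main__':
    s = summarize(SAMPLE_ALERTS.splitlines())
    for src, n in s['http_by_src'].most_common():
        print('%-16s %d HTTP requests' % (src, n))
    for ts, msg, src, dst in s['other']:
        print('NON-HTTP %s %s %s -> %s' % (ts, msg, src, dst))
    print('unparsed lines:', s['unparsed'], ' noisy:', noisy_sources(s, 2))
```

Run it against a real `alert.ids` with `summarize(open('alert.ids').readlines())`. Keeping the HTTP rule on its own SID is what makes the split trivial: one Counter is the access log the employer asked for, and everything outside that SID is the list worth looking at by hand. Note that this is a complement to ACID, not a replacement: ACID needs the database output plugin, and a file summary like this only covers the sensor it runs on.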
Dan C
2005-07-22 03:35:39 UTC
Post by Chris
I was wondering if anyone could point me in the right direction for choosing
the best Linux Distro to run SNORT on. My main intention is to log HTTP
access per my employer's request, but I also want to monitor abnormal
traffic behind the firewall. Also, I want to set up ACID so that I can
monitor the log from any machine on our network.
Doesn't make any difference which distro you use. Choose the one that
you're comfortable with. Personally, I'd go with Slackware.
--
If you're not on the edge, you're taking up too much space.
Linux Registered User #327951
Chris
2005-07-22 03:39:05 UTC
Post by Dan C
Post by Chris
I was wondering if anyone could point me in the right direction for choosing
the best Linux Distro to run SNORT on. My main intention is to log HTTP
access per my employer's request, but I also want to monitor abnormal
traffic behind the firewall. Also, I want to set up ACID so that I can
monitor the log from any machine on our network.
Doesn't make any difference which distro you use. Choose the one that
you're comfortable with. Personally, I'd go with Slackware.
I never considered Slackware, but I am going to download it and have a go at
it! As for comfort, I am not scared to read, try, and learn.

I am chastised by my IT staff because I take the extra time to read and test
because I like to do things right the first time! Naturally, they are
closed-minded Windows Server 2003/XP Pro users, whereas I like to try
different things!

Thanks for another Distro recommendation.

Chris B.
Enkidu
2005-07-22 09:28:11 UTC
Post by Chris
Post by Dan C
Post by Chris
I was wondering if anyone could point me in the right direction for choosing
the best Linux Distro to run SNORT on. My main intention is to log HTTP
access per my employer's request, but I also want to monitor abnormal
traffic behind the firewall. Also, I want to set up ACID so that I can
monitor the log from any machine on our network.
Doesn't make any difference which distro you use. Choose the one that
you're comfortable with. Personally, I'd go with Slackware.
I never considered Slackware, but I am going to download it and have a go at
it! As for comfort, I am not scared to read, try, and learn.
I am chastised by my IT staff because I take the extra time to read and test
because I like to do things right the first time! Naturally, they are
closed-minded Windows Server 2003/XP Pro users, whereas I like to try
different things!
Thanks for another Distro recommendation.
Like Chris said, it *doesn't matter* which distro. You could
probably run SNORT on Windows (I haven't checked).

Cheers,

Cliff
--
Barzoomian the Martian - http://barzoomian.blogspot.com
Michael Hearne
2005-08-02 05:36:03 UTC
Post by Chris
Post by Dan C
Post by Chris
I was wondering if anyone could point me in the right direction for choosing
the best Linux Distro to run SNORT on. My main intention is to log HTTP
access per my employer's request, but I also want to monitor abnormal
traffic behind the firewall. Also, I want to set up ACID so that I can
monitor the log from any machine on our network.
Doesn't make any difference which distro you use. Choose the one that
you're comfortable with. Personally, I'd go with Slackware.
I never considered Slackware, but I am going to download it and have a go at
it! As for comfort, I am not scared to read, try, and learn.
I am chastised by my IT staff because I take the extra time to read and test
because I like to do things right the first time! Naturally, they are
closed-minded Windows Server 2003/XP Pro users, whereas I like to try
different things!
Thanks for another Distro recommendation.
Like Chris said, it *doesn't matter* which distro. You could probably
run SNORT on Windows (I haven't checked).
Cheers,
Cliff
Well, Cliff, I was going to say that you were mistaken, but I would have
been wrong. Here are the Snort binaries for Windows:

http://www.snort.org/dl/binaries/win32/

Michael
--
RLU #352695
35.14N - 101.50W
Public Key 0x01774F35
Enkidu
2005-08-02 10:49:33 UTC
Post by Michael Hearne
Post by Chris
Post by Dan C
Post by Chris
I was wondering if anyone could point me in the right direction for choosing
the best Linux Distro to run SNORT on. My main intention is to log HTTP
access per my employer's request, but I also want to monitor abnormal
traffic behind the firewall. Also, I want to set up ACID so that I can
monitor the log from any machine on our network.
Doesn't make any difference which distro you use. Choose the one that
you're comfortable with. Personally, I'd go with Slackware.
I never considered Slackware, but I am going to download it and have a go at
it! As for comfort, I am not scared to read, try, and learn.
I am chastised by my IT staff because I take the extra time to read and test
because I like to do things right the first time! Naturally, they are
closed-minded Windows Server 2003/XP Pro users, whereas I like to try
different things!
Thanks for another Distro recommendation.
Like Chris said, it *doesn't matter* which distro. You could probably
run SNORT on Windows (I haven't checked).
Well, Cliff, I was going to say that you were mistaken, but I would have
http://www.snort.org/dl/binaries/win32/
I believe that I did run snort on Windows but wasn't sure
enough to say. I believe that you need a pcap library as well.

Cheers,

Cliff
--
Barzoomian the Martian - http://barzoomian.blogspot.com
Richard Polhill
2005-08-02 11:37:28 UTC
Post by Enkidu
I believe that I did run snort on Windows but wasn't sure
enough to say. I believe that you need a pcap library as well.
I have. It works. Yes you do.
--
Rich P
Replace .invalid with .com to reply.