Snort & Nagios
I put it off for a while, but I finally got around to getting Snort up and running. It was actually pretty easy to get it working. Since I’m using OpenBSD, all I had to do was:
# pkg_add snort-2.6.0.2p1-mysql
And then it was installed. I used Oinkmaster to download the rules I needed, and it all just worked. Now I need to work on configuring some kind of user interface to make going through the logs easier. At this point I’ve got 600K of logs to browse for a single day’s activity. I know there are some nice GUIs out there to make this easier, so when I get a chance, I’ll look into that and find something useful.
On another topic, I’ve also finally gotten around to getting Nagios set up. I’m tweaking what I want monitored and what kind of alerts I want to get. I’m going through all our mission-critical systems and figuring out what I want to monitor so I can catch problems early, before they turn into outages. Once I get the monitoring set up, I need to figure out how I want to be alerted. I’m thinking I’ll use SMS. With my current phone plan it will be cheaper than having my phone check email on a regular basis. I wonder if Snort and Nagios can work together? It doesn’t seem so far-fetched that I could configure Snort to send alerts for specific rules to Nagios. It’s worth looking into.
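Two of the loose ends above, triaging a day's worth of Snort alerts and feeding selected rule hits into Nagios, can be covered by one small script. The example below is added here and is not code from the post, from Snort, or from Nagios. It assumes Snort is writing the one-line alert_fast format, that Nagios has external commands enabled and reads passive check results from its command file, and that the signature IDs, host name, service names and sample alert lines are all constructed placeholders rather than real rules.

```python
"""Parse Snort alert_fast lines, summarise them by signature, and turn watched
signature IDs into Nagios passive check results in the external-command format
(PROCESS_SERVICE_CHECK_RESULT) that Nagios reads from its command file.

Added example, not part of the original post. SIDs, host and service names,
the command-file path and the sample alerts are constructed for illustration.
"""
import re
import time
from collections import Counter

# One-line alert_fast format:
# MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: N] {PROTO} src:port -> dst:port
# The Classification field is optional, so it is matched as an optional group.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample alerts (placeholder SIDs in the 1000000+ local range, test hosts).
SAMPLE_ALERTS = """\
01/16-14:23:04.123456  [**] [1:1000001:1] TEST portscan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:43210 -> 10.0.0.1:22
01/16-14:23:05.654321  [**] [1:1000002:1] TEST web exploit attempt [**] [Priority: 1] {TCP} 10.0.0.7:51234 -> 10.0.0.1:80
01/16-14:23:06.000001  [**] [1:1000001:1] TEST portscan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:43211 -> 10.0.0.1:23
garbage line that should be skipped
"""

# Watched SIDs mapped to a Nagios service description and return code
# (0 OK, 1 WARNING, 2 CRITICAL). Constructed mapping, not a Snort or Nagios default.
WATCHED_SIDS = {
    1000001: ("Snort portscan", 1),
    1000002: ("Snort web exploit", 2),
}


def parse_alerts(text):
    """Return one dict per well-formed alert line; malformed lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["sid"] = int(d["sid"])
        d["prio"] = int(d["prio"])
        alerts.append(d)
    return alerts


def summarize(alerts):
    """Count alerts per (sid, msg) so a large daily log can be triaged by frequency."""
    return Counter((a["sid"], a["msg"]) for a in alerts)


def nagios_passive_commands(alerts, host="ids-sensor", now=None):
    """Build PROCESS_SERVICE_CHECK_RESULT lines for watched SIDs.

    Format: [time] PROCESS_SERVICE_CHECK_RESULT;host;service;return_code;plugin_output
    One command per watched SID seen, carrying the hit count as plugin output.
    """
    now = int(time.time()) if now is None else now
    counts = Counter(a["sid"] for a in alerts if a["sid"] in WATCHED_SIDS)
    cmds = []
    for sid, n in sorted(counts.items()):
        service, rc = WATCHED_SIDS[sid]
        cmds.append(
            f"[{now}] PROCESS_SERVICE_CHECK_RESULT;{host};{service};{rc};"
            f"{n} alert(s) for sid {sid}"
        )
    return cmds


def submit(commands, command_file):
    """Append commands to the Nagios command file (a FIFO; path depends on the install)."""
    with open(command_file, "a") as fh:
        for c in commands:
            fh.write(c + "\n")


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERTS)
    for (sid, msg), n in summarize(parsed).most_common():
        print(f"{n:5d}  sid {sid}  {msg}")
    for c in nagios_passive_commands(parsed, now=0):
        print(c)
    # submit(nagios_passive_commands(parsed), "/path/to/nagios.cmd")  # placeholder path
```

Run it against a real alert file by passing its contents to `parse_alerts` instead of `SAMPLE_ALERTS`; the summary is what makes 600K of alerts browsable, and the passive check lines are what Nagios would consume if `submit` were pointed at the real command file. Keeping the SID-to-service map small and explicit means only rules you have decided matter generate Nagios state changes, which avoids paging on every noisy signature.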