postmodern / Snorby forked from mephux/Snorby

A modern and clean Snort web front-end.

Snorby /
name age message
file .gitignore Sat Jul 25 15:21:06 -0700 2009 working on deploy for snorby.org demo [mephux]
file README.rdoc Mon Aug 10 16:38:34 -0700 2009 readme change [mephux]
file Rakefile Tue Jun 30 20:19:55 -0700 2009 env changes [mephux]
directory app/ Mon Aug 24 20:26:27 -0700 2009 Version Bump: 1.1.3 [mephux]
directory config/ Mon Aug 24 20:26:27 -0700 2009 Version Bump: 1.1.3 [mephux]
directory db/ Thu Aug 20 16:07:30 -0700 2009 Version Bump: 1.1.2 [mephux]
directory doc/ Sun Jun 21 19:19:13 -0700 2009 first commit [mephux]
directory lib/ Mon Aug 24 15:46:13 -0700 2009 change pie size for better use of pdf page [mephux]
directory public/ Mon Aug 24 20:26:27 -0700 2009 Version Bump: 1.1.3 [mephux]
directory script/ Sun Jun 21 19:19:13 -0700 2009 first commit [mephux]
directory test/ Fri Aug 07 22:07:25 -0700 2009 added global options per page and device name [mephux]
directory tmp/ Mon Jul 06 15:57:16 -0700 2009 fix up [mephux]
directory vendor/ Mon Aug 24 20:30:27 -0700 2009 unpack authlogic [mephux]
README.rdoc

Snorby - All about simplicity.

Snorby is a new and modern Snort IDS front-end. The fundamental concepts behind Snorby are simplicity and power. The project goal is to create a free, open source and highly competitive application for network monitoring, for both private and enterprise use. Snorby is currently stable and ready for production environments.

Snorby Setup

Get Snorby:

 git clone git://github.com/mephux/Snorby.git

Snorby Database Configuration:

You will need to rename /config/database.yml.example to /config/database.yml and edit it.

Example Database Config: (spacing is important in .yml files and it will error if changed)

 production:
   adapter: mysql
   database: name_of_snort_database_here
   username: my_user
   password: my_password
   host: localhost

Snorby Email Configuration:

You will need to rename /config/email.yml.example to /config/email.yml and edit it.

Example Email Config: (spacing is important in .yml files and it will error if changed)

 production:
   :address: smtp.gmail.com
   :port: 25
   :authentication: plain
   :user_name: user
   :password: pass

For a relay setup, simply use:

 production:
   :address: smtp.gmail.com
   :domain: localhost

If this is your first time installing Snorby, set up the Snorby database and cron jobs with:

 rake snorby:setup RAILS_ENV=production

Update:

 rake snorby:update RAILS_ENV=production

Reset:

 rake snorby:reset RAILS_ENV=production   # ALL DATA WILL BE LOST

Gems

Snorby is packaged with the needed gems; however, you may need to install the following in some cases:

 sudo gem install mysql
 sudo gem install prawn

Setup Snorby With Apache:

wiki.github.com/mephux/Snorby/snorby-recipe-with-barnyard2-unified2-and-apache-jjc

Start Snorby:

 ruby script/server -e production -b 127.0.0.1 -p 80 -d

 -b = bind address [Default: loopback]
 -p = port number [Default: 3000]
 -e = environment
 -d = Run server as daemon

MAKE SURE IT IS RUN IN PRODUCTION MODE ONLY! SPEED!!!

 -e production

The default User Name and Password for Snorby:

 User: snorby
 Password: admin

PLEASE MAKE SURE YOU CHANGE THIS!
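
A pre-start check for the two files configured above, added here as an example (it is not part of Snorby): it flags README sample values left in config/database.yml and config/email.yml, plain SMTP authentication on port 25, and group- or world-readable file modes. The function names and the expected mode 0600 (files owned by the account that runs Snorby) are assumptions of this example.

```ruby
require 'yaml'

# Sample values from the README examples; none should survive into a live config.
SAMPLES = %w[name_of_snort_database_here my_user my_password user pass].freeze

# Parse one environment section. email.yml uses Ruby-symbol keys (":address"),
# so Symbol is permitted and every key is normalised to a plain string.
def load_section(yaml_text, env = 'production')
  doc = YAML.safe_load(yaml_text, permitted_classes: [Symbol])
  section = doc.is_a?(Hash) ? doc[env] : nil
  (section || {}).each_with_object({}) { |(k, v), h| h[k.to_s.sub(/\A:/, '')] = v }
end

# Findings for keys in cfg that still hold a README sample value.
def sample_values(cfg, keys, file)
  keys.select { |k| SAMPLES.include?(cfg[k].to_s) }
      .map { |k| "#{file}: #{k} is still the README sample value" }
end

def audit_database(yaml_text)
  cfg = load_section(yaml_text)
  out = sample_values(cfg, %w[database username password], 'database.yml')
  cfg['password'].to_s.empty? ? out << 'database.yml: empty password' : out
end

def audit_email(yaml_text)
  cfg = load_section(yaml_text)
  out = sample_values(cfg, %w[user_name password], 'email.yml')
  # AUTH PLAIN is only base64-encoded, so it needs TLS underneath it.
  plain25 = cfg['authentication'].to_s == 'plain' && cfg['port'].to_i == 25
  plain25 ? out << 'email.yml: plain auth on port 25, confirm the session uses TLS' : out
end

# Both files hold credentials: flag any group/other permission bits.
def audit_mode(path)
  mode = File.stat(path).mode & 0o777
  (mode & 0o077).zero? ? [] : [format('%s: mode %04o, expected 0600', path, mode)]
end

# Run every check against <root>/config (root = the Snorby checkout).
def audit_install(root)
  { 'database.yml' => :audit_database, 'email.yml' => :audit_email }.flat_map do |name, check|
    path = File.join(root, 'config', name)
    next ["#{path}: missing"] unless File.exist?(path)
    send(check, File.read(path)) + audit_mode(path)
  end
end

puts audit_install(ARGV[0] || '.')
```

Run it from the Snorby checkout, or pass the checkout path as the first argument; it prints one line per finding.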

TODO

  • Link for dashboard graphs
  • Session view for events
  • Tune events
  • Better XML Support

Helpful links

Before contacting me directly, please read:

If you find a bug or a problem, please post it on the Snorby issues page. If you need help with something, please use Google Groups. I check both regularly and get emails when anything happens, so that is the best place to get help. This also benefits other people in the future with the same questions / problems. Thank you.

Copyright © 2009 Dustin Webber & Wes Garrison [www.Snorby.org], released under the GPL license