Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Ruby On Rails Application For Network Security Monitoring
Ruby JavaScript

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.


Important Note

Snorby is currently in alpha stages and is not ready for production environments. (11/30/2010)


Snorby is a ruby on rails web application for network security monitoring that interfaces with current popular intrusion detection systems (Snort, Suricata and Saga). The basic fundamental concepts behind Snorby are simplicity, organization and power. The project goal is to create a free, open source and highly competitive application for network monitoring for both private and enterprise use.



  • Snort
  • Ruby >= 1.9.2
  • Rails >= 3.0.0
  • ImageMagick >= 6.6.4-5


  • Install ImageMagick

    • Mac OSX:

      brew install imagemagick

    • Linux:

      apt-get install imagemagick

  • Install Gem Dependencies (make sure you have bundler installed: gem install bundler)

    bundle install

  • Install wkhtmltopdf

    pdfkit --install-wkhtmltopdf # If this fails - visit for more information

  • Get Snorby from the download section or use the latest edge release via git.

    git clone git://

  • Install Gem Dependencies (inside the root Snorby directory)

    $ bundle install

  • Run The Snorby Setup

    rake snorby:setup

    ** Note ** If you get the following error: No such file or directory - /root/snorby/tmp/snorby_packaged_uncompressed.js Create the following directories in the Snorby root dir: log/ & tmp/

  • Edit The Snorby Configuration File


  • Edit The Snorby Mail Configurations


  • Once all options have been configured and snorby is up and running

    • Make sure you start the Snorby Worker from the Administration page.
    • Make sure that both the DailyCache and SensorCache jobs are running.
  • Default User Credentials

Helpful Commands

You can open the rails console at anytime and interact with the Snorby environment. Below are a few helpful commands that may be useful:

  • Open the rails console by typing rails c in the Snorby root directory
  • You should never really need to run the below commands. They are all available within the Snorby interface but documented here just in case.

Snorby Worker

Snorby::Worker.stop      # Stop The Snorby Worker
Snorby::Worker.start     # Start The Snorby Worker
Snorby::Worker.restart   # Restart The Snorby Worker

Snorby Cache Jobs

# This will manually run the sensor cache job - pass true or false for verbose output`

# This will manually run the daily cache job - once again passing true or false for verbose output

# Clear All Snorby Cache - You must pass true to this method call for confirmation.

# If the Snorby worker is running this will start the cache jobs and set the run_at time for the current time.

Coming Soon

  • Full Packet Capture (OpenFPC)

Snorby Team

  • Dustin Willis Webber


Snorby - All About Simplicity.

Copyright (c) 2010 Dustin Willis Webber (dustin.webber at

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

Something went wrong with that request. Please try again.