11.3 SnortCenter Management Console
SnortCenter is a web-based client-server management system written in PHP and Perl. It interfaces with a local web server (preferably Apache, but almost any other Unix-based web server works). SnortCenter assists in configuring Snort and in keeping all signatures current on the system. The management console portion of SnortCenter builds the configuration files and pushes them out to remote sensors. Although Version 1.0 of SnortCenter has just been released at the time of this writing, it already shows promise. This web-based interface is designed to be used with ACID. While ACID displays the results of alerts collected using Snort, SnortCenter provides an easy-to-use management tool for administering the Snort rule sets and remote sensors. It is intended primarily as a means of keeping Snort up-to-date via a web interface rather than the command line. It interacts well with most other utilities described in previous chapters. An outline of SnortCenter's interaction with other IDS tools is shown in Figure 11-1.
Figure 11-1. A sample network layout using Snort, ACID, SnortCenter, and other described IDS tools
A single SnortCenter install is all that is required for managing a lone IDS system or for controlling multiple remote sensors. These sensors are placed throughout the local area network (LAN) or on machines across the wide area network (WAN). The sensors report all suspicious packets to the central management console, where they are gathered, processed, and displayed on the ACID console.
Here are some of the features of the SnortCenter management console: