Last week we brought you Graylog2, which takes the otherwise boring job of log monitoring and provides some pretty slick searching, filtering, and visualization. Dustin Webber aims to do the same for network security monitoring with Snorby, a Rails application front-end for Snort, Suricata, and Sagan.
Snorby boasts a robust set of features including:
- Metrics & Reports - Drill down into your data by day, week, month, or custom timetables and even export to PDF.
- Classify events into a number of predefined classifications or create your own
- Full packet and session data monitoring using OpenFPC, Solera DS Appliances, and Solera’s DeepSee
- Keyboard-friendly hotkeys let you navigate the interface without a mouse
- Extensibility via third-party plugins
Check the Snorby web site for instructions on installing from source.
Try before you spy
If you’d like to play around with the Snorby interface, there is a live demo:
- URL: http://demo.snorby.org
- Username: firstname.lastname@example.org
- Password: snorby