Snorby & Snort are up and running

Finally I set up my home IDS: Snort & Snorby on top.
The goal: to see what is going on in my Internet traffic and whether there is anything interesting.
Also, Snort output will be collected by my home Splunk instance.
The screenshot below shows only test events, nothing serious 🙂

I used this guide: Home IDS with Snort And Snorby
It is pretty detailed, though it has some typos and omissions. Following it step by step does not give you a working environment, since one important thing is not mentioned:
Barnyard and Snorby have to use the same database! I am thinking of producing a better guide; we will see.
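
Added example (not part of the original post or the guide it mentions): a small check that the database Barnyard2 writes to is the one Snorby reads from. It assumes the usual `output database:` line in `barnyard2.conf` and the stock layout of Snorby's `config/database.yml`; the sample file contents, credentials and function names are constructed for illustration.

```python
import re

# Constructed sample configs; all values are placeholders.
BARNYARD2_CONF = """\
# barnyard2.conf (constructed sample)
config hostname: home-ids
input unified2
output database: log, mysql, user=snorby password=CHANGEME dbname=snort host=localhost
"""

SNORBY_DATABASE_YML = """\
# config/database.yml (constructed sample)
snorby: &snorby
  adapter: mysql
  username: snorby
  password: CHANGEME
  host: localhost

production:
  database: snorby
  <<: *snorby
"""

def barnyard_db(conf):
    """Return (host, dbname) from the first active 'output database' line."""
    for line in conf.splitlines():
        line = line.strip()
        if line.startswith("#") or not line.startswith("output database:"):
            continue
        opts = dict(re.findall(r"(\w+)=(\S+)", line))
        return opts.get("host", "localhost"), opts.get("dbname")
    return None

def snorby_db(yml, env="production"):
    """Return (host, database) for one environment.
    Minimal reader for the stock file layout, not a full YAML parser."""
    host = re.search(r"^\s+host:\s*(\S+)", yml, re.M)
    section = re.search(rf"^{env}:\n((?:[ \t]+.*\n?)+)", yml, re.M)
    db = re.search(r"^\s+database:\s*(\S+)", section.group(1), re.M) if section else None
    return (host.group(1) if host else "localhost", db.group(1) if db else None)

def same_database(conf, yml):
    """True when both tools point at the same host and database name."""
    return barnyard_db(conf) == snorby_db(yml)
```

With the sample above the check fails because Barnyard2 logs to `snort` while Snorby reads `snorby`; pointing both at one database name makes it pass.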

