O'Reilly Open Source Convention - August 1-5, 2005 - Portland, Oregon

Tutorial

Getting the Right Answers From Snort
Jeremy Brinkley, Lead Security Engineer, EDS

Track: Security
Date: Monday, August 1st, 2005
Time: 1:30pm - 5:00pm
Location: E141

Snort is one of the most widely deployed network intrusion detection systems (NIDS) in the world. Helpfully, all its (sometimes copious) data can be logged to a database; but not many security administrators are database experts. Tools like ACID can be used to perform general queries of the Snort database, but it's often desirable to do custom reporting or even write your own database interface.

In this tutorial, Brinkley shows how to use SQL to query the Snort database and explains the tables needed to get the most from the data. He covers constructing the appropriate queries to find unusual TCP flag combinations, to query by subnet, and to handle other cases that are not immediately obvious. In addition, Brinkley discusses some useful extensions to the Snort schema (and how to create and use them) to enable better custom reporting, along with database administration tasks specific to Snort, such as making backups and controlling concurrency.

Although Brinkley's examples focus on MySQL, the tutorial will be useful to anyone using Snort.
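The two queries the abstract names, unusual TCP flag combinations and querying by subnet, as an added example that is not from the tutorial: it rebuilds the relevant columns of the Snort MySQL schema (event, signature, iphdr, tcphdr) in an in-memory SQLite database so it runs stand-alone, loads constructed alerts, and runs the same joins and bitmask tests you would issue against MySQL (where INET_ATON() replaces the ip_to_int() helper).

```python
import ipaddress
import sqlite3

# Bit values stored in tcphdr.tcp_flags (same layout as the TCP header flags byte)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def ip_to_int(addr):
    """Dotted quad -> unsigned 32-bit int, the encoding MySQL INET_ATON() uses."""
    return int(ipaddress.IPv4Address(addr))

# One alert is one row each in event, iphdr and tcphdr, keyed by (sid, cid).
ALERT_JOIN = """
    FROM event e
    JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
    JOIN tcphdr t ON t.sid = e.sid AND t.cid = e.cid
    JOIN signature s ON s.sig_id = e.signature
    WHERE i.ip_proto = 6"""

def build_db():
    """Subset of the Snort MySQL schema in SQLite, loaded with constructed alerts."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
        CREATE TABLE event  (sid INT, cid INT, signature INT, timestamp TEXT);
        CREATE TABLE iphdr  (sid INT, cid INT, ip_src INT, ip_dst INT, ip_proto INT);
        CREATE TABLE tcphdr (sid INT, cid INT, tcp_sport INT, tcp_dport INT, tcp_flags INT);
        INSERT INTO signature VALUES (1, 'SCAN SYN FIN'), (2, 'WEB-MISC /etc/passwd');""")
    alerts = [  # constructed: (cid, sig, timestamp, src, dst, sport, dport, flags)
        (1, 1, "2005-08-01 13:30:00", "10.1.2.3", "192.168.0.10", 40000, 22, SYN | FIN),
        (2, 2, "2005-08-01 13:31:00", "10.1.2.4", "192.168.0.80", 40001, 80, PSH | ACK),
        (3, 1, "2005-08-01 13:32:00", "172.16.5.6", "192.168.0.10", 40002, 22, 0),
        (4, 2, "2005-08-01 13:33:00", "10.1.9.9", "192.168.1.80", 40003, 80, ACK)]
    for cid, sig, ts, src, dst, sport, dport, flags in alerts:
        db.execute("INSERT INTO event VALUES (1,?,?,?)", (cid, sig, ts))
        db.execute("INSERT INTO iphdr VALUES (1,?,?,?,6)", (cid, ip_to_int(src), ip_to_int(dst)))
        db.execute("INSERT INTO tcphdr VALUES (1,?,?,?,?)", (cid, sport, dport, flags))
    return db

def unusual_tcp_flags(db):
    """Alerts with SYN and FIN set together, or with no flags at all (null scan)."""
    sql = "SELECT e.cid, s.sig_name, t.tcp_flags" + ALERT_JOIN + """
      AND ((t.tcp_flags & ?) = ? OR t.tcp_flags = 0) ORDER BY e.timestamp"""
    return db.execute(sql, (SYN | FIN, SYN | FIN)).fetchall()

def alerts_from_subnet(db, cidr):
    """Alerts whose source lies in cidr; in MySQL mask and network come from INET_ATON()."""
    net = ipaddress.ip_network(cidr)
    sql = "SELECT e.cid, s.sig_name, i.ip_src, t.tcp_dport" + ALERT_JOIN + """
      AND (i.ip_src & ?) = ? ORDER BY e.timestamp"""
    rows = db.execute(sql, (int(net.netmask), int(net.network_address))).fetchall()
    return [(cid, name, str(ipaddress.IPv4Address(src)), dport) for cid, name, src, dport in rows]
```

The bitmask comparisons work because Snort stores tcp_flags as the raw flags byte and ip_src/ip_dst as unsigned 32-bit integers, so a subnet test is a single AND against the netmask with no string parsing.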
