Intrusion Detection Part — 5

Update: This article is part of a series. Check out the full series: Part 1, Part 2, Part 3, Part 4, Part 5!

Welcome to module 5 of this workshop, so far in this workshop, we have been playing on the command line. A line to help you monitor what snort is doing in the background. Let’s present the front end application which you can use to monitor the intrusion attempts captured by Snort.

We strongly recommend that you should first complete the previous four modules before starting this module of the workshop.

Monitoring Packets with BASE stands for Basic Analysis and Security Engine. It is a web-based tool to display and filter all events captured by Snort.

Download the BASE tool from link http://base.secureideas.net/.

BASE needs some other files and dependencies to work properly, and the first one is adodb, the PHP database abstraction library.

After installing the dependencies and the package, point your web browser to http://<your_snort_server>/base and the first configuration screen should be displayed as below.