
Intrusion Detection System Surveillance-SnortViewer

Posted on: 2005-06-08 | Degree: Master | Type: Thesis
Country: China | Candidate: Frans David | Full Text: PDF
GTID: 2168360125957160 | Subject: Computer application technology
Abstract/Summary:
Intrusions into computer systems are increasing rapidly with the explosion of the Internet. Much effort has gone into curbing these intrusions, but the resulting measures are still in their infancy. These efforts yielded what came to be known as Intrusion Detection Systems (IDS), which mainly identify intrusions and then log them. The large amount of logged data makes intrusions difficult to identify and visualize, and to find an alert one has to be physically at the station running the IDS and parse through tons of bytes. This thesis attempts to address this problem by developing a web interface, SnortViewer.

SnortViewer builds on Snort, a rule-based intrusion detection system that detects intrusions on the network wire and uses MySQL for logging. This is the basis for knowing what is happening on the wire. Hypertext Preprocessor (PHP) and the Apache web server are used to parse these huge logs so that they can be visualized remotely in almost real time.

SnortViewer detects intrusions and other suspicious activities with Snort and outputs them into a database. To allow distributed monitoring and surveillance of these activities, PHP scripts parse the logs and create dynamic web pages through which activity on the wire can be monitored on the local area network or even remotely, such as from another province or another country. The client needs no additional program apart from a commonly available web browser, so network alerts can be visualized swiftly from anywhere, irrespective of the operating system in use.

Experiments carried out with SnortViewer are described. The application is shown working on a busy network exposed to the Internet, and it successfully provides swifter surveillance from different stations in the local area network and also remotely, at almost the same time as the intrusions are happening on the network wire being monitored.
Keywords/Search Tags:intrusions, detection, attacks, sensor, analysis.