Breathe easily: protect your Linux box with Snort
by David M Williams
Monday, 10 September 2007

Page 3 of 3

Enhancing Snort
We said earlier Snort could wake up your systems administrator via SMS if need be; actually this isn’t strictly true. Snort does not have built-in capabilities to perform this function – but other freeware add-ons will do this for you. Such a system is Swatch which monitors log files and sends alerts via e-mail. If you have an e-mail-to-SMS gateway (like Telstra’s OnlineSMS) then it is a no-brainer to have these e-mails hop off the TCP/IP network and on to the mobile phone network.
Another worthwhile add-on is LogHog; it works directly in conjunction with Snort, responding to its events with user-definable actions such as e-mail, and can also block traffic by dynamically creating new rules for iptables, the Linux firewall.
Actually, there's no shortage of add-ons for Snort. For those who like to know just what's going on, try Sguil, which provides a Tcl/Tk GUI giving access to real-time events, session data and raw packets while Snort is running. Alternatively, SnortSnarf will analyse Snort's activity and render HTML output, suitable for posting to a private web site for easy monitoring.
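The "Snort event in, iptables rule out" approach LogHog takes is easy to see in miniature. The following is an added example, not code from the article or from LogHog: it parses Snort's single-line "alert_fast" output (the sample lines, the local rule SIDs and all addresses are constructed), keeps only alerts at priority 1, skips any source inside an assumed never-block list (your LAN and your own servers, so a spoofed source cannot make you cut yourself off), and returns the iptables commands rather than running them.

```python
import ipaddress
import re

# One Snort alert_fast line looks like:
#   09/10-08:15:02.113456  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: N] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\]"
    r"(?: \[Classification: (?P<cls>[^\]]*)\])?"
    r" \[Priority: (?P<prio>\d+)\]"
    r" \{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)

# Constructed sample alerts (documentation address ranges, local rule SIDs).
SAMPLE_ALERTS = """\
09/10-08:15:02.113456  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51022 -> 198.51.100.5:22
09/10-08:15:03.220011  [**] [1:1000002:1] LOCAL ICMP sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.9 -> 198.51.100.5
09/10-08:15:04.000500  [**] [1:1000003:2] LOCAL web scanner [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.1.20:40000 -> 198.51.100.5:80
09/10-08:15:05.999000  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51023 -> 198.51.100.5:22
"""

# Assumed never-block list: our LAN and our own public hosts.
NEVER_BLOCK = [ipaddress.ip_network("192.168.0.0/16"),
               ipaddress.ip_network("198.51.100.0/24")]


def parse_alerts(text):
    """Turn alert_fast lines into dicts; lines that do not match are ignored."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            d = m.groupdict()
            d["prio"] = int(d["prio"])   # Snort priority 1 is the most severe
            alerts.append(d)
    return alerts


def block_rules(alerts, max_priority=1, never_block=NEVER_BLOCK):
    """Return one iptables DROP command per distinct source at or above the severity cut-off."""
    rules, seen = [], set()
    for a in alerts:
        src = ipaddress.ip_address(a["src"])
        if a["prio"] > max_priority or src in seen:
            continue
        if any(src in net for net in never_block):
            continue                     # never firewall ourselves off
        seen.add(src)
        rules.append(f"iptables -I INPUT -s {src} -j DROP  # sid {a['sid']}: {a['msg']}")
    return rules


if __name__ == "__main__":
    for cmd in block_rules(parse_alerts(SAMPLE_ALERTS)):
        print(cmd)
```

Run against the sample, only 203.0.113.7 is blocked: the ICMP sweep is below the cut-off, the priority-1 scanner sits in the never-block range, and the repeated SSH alert does not produce a second rule.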
Windows users should be sure also to try the disgustingly named snot.exe; this is a small tool to simulate network traffic. For our purposes, this means you can test your Snort rules by simulating the very traffic you wish to deny.
Remember too, just like anti-virus apps, intrusion detection systems need their rules kept current as new hostilities become known. The Snort web site carries regular ruleset updates, and additional community-maintained rules can be downloaded from Bleeding Edge Threats. More add-ons help in this area too: use Oinkmaster to keep your rules up to date, and SneakyMan to configure your Snort rules by hand within a GNOME window. Finally, be sure to keep Snort itself up to date, being diligent to apply updates when they become available.