Snorby

Snort® is an open source network intrusion prevention and detection system (IDS/IPS).
Install it:
apt-get install snort-mysql
add to /etc/snort/snort.conf
output unified2: filename snort.log, limit 512

Snorby is a nice web interface built on Ruby on Rails and other good-looking, usable things like twitter-bootstrap.
git clone http://github.com/Snorby/snorby.git
cd snorby
bundle install
set the right MySQL settings in config/database.yml
set the right port, environment and paths in config/snorby_config.yml
bundle exec rake snorby:setup
bundle exec rails server -e production

But how can we transfer data from Snort to Snorby's database? The solution is Barnyard2.
wget http://www.securixlive.com/download/barnyard2/barnyard2-1.9.tar.gz
tar -zxf barnyard2-1.9.tar.gz && cd barnyard2-1.9
./configure --with-mysql
sudo make && sudo make install
sudo mv /usr/local/etc/barnyard2.conf /etc/snort
add at the end of /etc/snort/barnyard2.conf:

output database: log, mysql, user=snorby password=snorbypass dbname=snorby host=mysqlhostname sensor_name=sensor1

Launch barnyard2:

/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo \
 -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -C /etc/snort/classification.config
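Before blaming Barnyard2 or the database for an empty Snorby, it helps to confirm that Snort is actually writing events into snort.log. The small reader below is an added example (not from the original post, Snort or Barnyard2) that decodes the unified2 records Barnyard2 tails from /var/log/snort; the record layout follows Snort's Unified2_common.h, and the sample log it parses is constructed, not captured traffic.

```python
import io
import socket
import struct

# Unified2 record types (values from Snort's Unified2_common.h)
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7
# Every record starts with a header: type and length, 32-bit, network byte order.
HEADER = struct.Struct("!II")
# Unified2IDSEvent_legacy (type 7): 11 x uint32, 2 x uint16, 4 x uint8 = 52 bytes.
IDS_EVENT = struct.Struct("!11I2H4B")

def parse_unified2(data):
    """Return the records in a unified2 byte string: IPv4 IDS events decoded, other
    types kept raw. A half-written trailing record ends parsing quietly (live snort.log)."""
    records = []
    buf = io.BytesIO(data)
    while True:
        hdr = buf.read(HEADER.size)
        if len(hdr) < HEADER.size:
            break  # end of file (or a half-written header)
        rtype, rlen = HEADER.unpack(hdr)
        body = buf.read(rlen)
        if len(body) < rlen:
            break  # Snort has not finished writing this record yet
        if rtype == UNIFIED2_IDS_EVENT and rlen == IDS_EVENT.size:
            f = IDS_EVENT.unpack(body)
            records.append({
                "type": rtype, "sensor_id": f[0], "event_id": f[1],
                "timestamp": f[2] + f[3] / 1e6,
                "gid": f[5], "sid": f[4], "rev": f[6],
                "classification_id": f[7], "priority": f[8],
                "src": socket.inet_ntoa(struct.pack("!I", f[9])),
                "dst": socket.inet_ntoa(struct.pack("!I", f[10])),
                "sport": f[11], "dport": f[12], "protocol": f[13], "blocked": f[16],
            })
        else:
            records.append({"type": rtype, "length": rlen, "raw": body})
    return records

def build_sample_log():
    """Constructed sample, not captured traffic: one IPv4 event plus its packet record."""
    ev = IDS_EVENT.pack(1, 42, 1300000000, 250000, 1000001, 1, 3, 29, 2,
                        0x0A000005, 0x0A000064, 4444, 80, 6, 0, 0, 0)  # 10.0.0.5 -> 10.0.0.100
    frame = b"\x00" * 14  # placeholder Ethernet header (constructed)
    # Unified2Packet: sensor_id, event_id, event_second, packet_second, packet_usec, linktype, length
    pkt = struct.pack("!7I", 1, 42, 1300000000, 1300000000, 250000, 1, len(frame)) + frame
    return (HEADER.pack(UNIFIED2_IDS_EVENT, len(ev)) + ev
            + HEADER.pack(UNIFIED2_PACKET, len(pkt)) + pkt)
```

Point parse_unified2 at the bytes of the newest snort.log.* file in /var/log/snort; if it returns no type 7 records, the problem is on the Snort side and not in the Barnyard2 or MySQL configuration.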

That's all, have a good time =)