Automated reports and security notifications
One of the things that's been missing since I switched SAM (Snort Alert Monitor) from a Java-based GUI to a Ruby on Rails-based web application is the ability to be notified when something exceptional happens. I've been working on the code to facilitate this over the last couple of weeks, but it's been slow going: when you have a half hour here and a half hour there you don't make much progress, no matter how simple the task is. Well, I'm happy to report that today I've checked in the necessary code to handle email-based alerting.
There are two types of reports that are currently run. The first report runs every five minutes and sends an email if the Threat Index goes over the level specified in the preferences panel. It's very simple at this point, but it will improve as time goes on. The second type is a nightly report that gives a summary of the preceding day. It provides information similar to what is found on the dashboard, only in email format. This report also needs some work, especially some nice clickable links so you can hop over to the site and get more information about what was happening at the time. I'm sure more will be added, and it will definitely be polished up as time permits.
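To make the two reports concrete, here is an added example in plain Ruby that is not SAM's own code: a five-minute Threat Index check with a cooldown so a sustained high index does not mail on every run, and a nightly summary built from constructed sample alert rows. The class and method names, the cooldown, and the sample data are all assumptions; in SAM the checks would run from a BackgrounDRb worker and the mail would go out via ActionMailer.

```ruby
require 'time'
require 'date'
# Five-minute check: mail only when the Threat Index exceeds the configured
# threshold, and not again until the cooldown (an assumption) has elapsed.
class ThreatIndexMonitor
  def initialize(threshold:, cooldown: 3600)
    @threshold = threshold   # the level set in the preferences panel
    @cooldown  = cooldown    # seconds between notification mails
    @last_sent = nil
  end

  # Returns true when a notification should be sent for this sample.
  def check(index, now = Time.now)
    return false if index <= @threshold
    return false if @last_sent && (now - @last_sent) < @cooldown
    @last_sent = now
    true
  end
end

# Constructed sample alert records standing in for SAM's database rows.
SAMPLE_ALERTS = [
  { sig: 'ICMP PING NMAP',         priority: 2, src: '10.0.0.5', time: Time.parse('2008-01-01 01:10:00') },
  { sig: 'ICMP PING NMAP',         priority: 2, src: '10.0.0.5', time: Time.parse('2008-01-01 01:11:00') },
  { sig: 'WEB-MISC /etc/passwd',   priority: 1, src: '10.0.0.9', time: Time.parse('2008-01-01 14:02:00') },
  { sig: 'SNMP public access udp', priority: 3, src: '10.0.0.7', time: Time.parse('2008-01-02 03:30:00') },
].freeze

# Nightly report: aggregate one day's alerts into the counts the dashboard
# shows, grouped by priority and by most frequent signature and source.
def daily_summary(alerts, day)
  todays = alerts.select { |a| a[:time].to_date == day }
  count  = ->(key) { todays.group_by { |a| a[key] }.transform_values(&:size) }
  {
    total:       todays.size,
    by_priority: count.call(:priority),
    top_sigs:    count.call(:sig).sort_by { |_, n| -n }.first(3),
    top_sources: count.call(:src).sort_by { |_, n| -n }.first(3),
  }
end

# Render the summary as the plain-text body of the nightly mail.
def summary_email_body(summary, day)
  lines = ["SAM daily summary for #{day}", "Total alerts: #{summary[:total]}"]
  summary[:by_priority].sort.each { |p, n| lines << "  priority #{p}: #{n}" }
  lines << 'Top signatures:'
  summary[:top_sigs].each { |sig, n| lines << "  #{n} x #{sig}" }
  lines.join("\n")
end
```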
If you want to see the alerts in action simply check out the 0_5_0_branch from Subversion and set it up. You'll need to update your database by running "rake db:migrate" in the root directory of SAM. You'll also need to install the BackgrounDRb gem by running "gem install backgroundrb". And lastly you'll need to start BackgrounDRb by running "./script/backgroundrb -e production start" from the root directory of SAM. Don't forget to update the preferences page with the appropriate settings.
If you are looking for more complicated monitoring have a look at the API examples. Extending SAM is extremely simple and you are only limited by your imagination. I'm already working on some cool ways to consume the API that SAM exposes and I'd love to hear of ways others are using it.