The SNORT GUI for displaying events

RazorBack is a log analysis program that interfaces with the SNORT open source Intrusion Detection System to provide real time visual notification when an intrusion signature has been detected on the network. Snort should be configured to send data to syslog for razorback to display the data.

RazorBack is designed to work within the GNOME framework on Unix platforms.

RazorBack is an open source tool, available under the terms of the GNU Public Licence. InterSect Alliance welcome contributions from other authors, and thank Tomas Junnonen, creator of the FireStarter tool, as provider of the initial code skeleton.

Click for full size

The package is available in the following formats:

1.0.3 - for use with SNORT 1.8+ on /var/log/snort/alert
Compressed tar file: razorback-1.0.3.tar.gz
Source RPM: razorback-1.0.3-1.src.rpm
Binary i386 RPM: razorback-1.0.3-1.i386.rpm


1.0.2 - for use with SNORT SYSLOG entries (usually /var/log/messages)
Compressed tar file: razorback-1.0.2.tar.gz
Source RPM: razorback-1.0.2-1.src.rpm
Binary i386 RPM: razorback-1.0.2-1.i386.rpm

0.1 - February 2001 - Initial Release
0.1.1 - February 2001 - Preference Bug fixed - discovered by Colin Tinker.
0.2 - April 2001 - Removed the automatic column resize - Thanks to Lance Lassetter for the suggestion.
1.0 - July 2001 - Now out of beta cycle. Minor memory leak removed, now works with snort 1.8. - Suggested by Tim Gray
1.0.2 - July 2001 - Hostname lookup reimplemented - Suggested by Ralph Goers.
1.0.3 - July 2002 - Rewrite under arjuna IDE, including a new glade-based interface. Now operates of /var/log/snort/alert, rather than syslog, and detects and reacts to log file rotations.