FAQ
What is SAM?
SAM is a program to monitor (in real time) the number of alerts generated by Snort. Having recently set up Snort and ACID, I felt like there was something missing. Snort was great for identifying suspicious traffic and ACID was great for digging into the details, but I needed something that gave a slightly higher-level overview and was able to sound alarms if certain conditions were met. For instance, if I was attacked 100 times in a 5-minute period. SAM does not replace Snort or ACID; rather, it complements them.
How can SAM alert me that my thresholds have been crossed?
SAM has many ways of grabbing your attention. The first is the rather large stop light in the top left corner of the screen. The second is by playing a specific sound when a particular threshold is reached. Currently we are using HAL quotes, but you are welcome to change them to anything you like. They are rather obviously labeled in the sam/wav directory. The third way you can be notified is that an email can be sent to a specific person or group of persons. Lastly, a plugin architecture is being planned where you can create your own creative way of alerting the appropriate people.
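The threshold idea above (100 alerts in a 5-minute period driving a stop light) can be sketched as a sliding-window counter. This is an added example, not SAM's own code: it assumes the input is Snort fast-alert text lines, and the yellow threshold of 50 and all function names are hypothetical.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)              # window from the FAQ's example
LEVELS = [(100, "red"), (50, "yellow")]    # 100 is the FAQ's figure; 50 is assumed


def parse_ts(line, year=2024):
    """Timestamp of a fast-alert line ('MM/DD-HH:MM:SS.ffffff [**] ...').
    The default format carries no year, so one is assumed."""
    stamp = line.split(None, 1)[0]
    return datetime.strptime(f"{year}/{stamp}", "%Y/%m/%d-%H:%M:%S.%f")


def light_for(count):
    """Map an alert count to a stop-light colour."""
    for threshold, colour in LEVELS:
        if count >= threshold:
            return colour
    return "green"


def monitor(lines):
    """Yield (timestamp, alerts_in_window, light) whenever the light changes.
    The light is re-evaluated only when an alert arrives; a live monitor
    would also re-check on a timer so it can fall back to green when quiet."""
    window, current = deque(), "green"
    for line in lines:
        if "[**]" not in line:             # skip blank and non-alert lines
            continue
        ts = parse_ts(line)
        window.append(ts)
        while window[0] <= ts - WINDOW:    # evict alerts older than the window
            window.popleft()
        light = light_for(len(window))
        if light != current:
            current = light
            yield ts, len(window), light


def constructed_alerts():
    """Constructed sample: 120 alerts one second apart, then one 30 min later."""
    base = datetime(2024, 3, 14, 9, 0, 0)
    times = [base + timedelta(seconds=i) for i in range(120)]
    times.append(base + timedelta(minutes=30))
    tail = ("  [**] [1:1000001:1] constructed test alert [**] "
            "[Priority: 2] {TCP} 192.0.2.10:40000 -> 198.51.100.5:80")
    return [t.strftime("%m/%d-%H:%M:%S.%f") + tail for t in times]


if __name__ == "__main__":
    for ts, count, light in monitor(constructed_alerts()):
        print(ts.time(), count, light)
```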
Sounds good. How do I run it?
On Windows you can run it by double-clicking on the sam.bat file in the top level of the directory. On *nix boxes you can run it by executing sam from the command line (again in the main directory).
I found a bug, who do I tell?
Please visit the project page on SourceForge.