FAQ

What is SAM Jr?

SAM Jr provides real-time analysis of Snort data. SAM Jr is written in Java and should run anywhere a modern JVM is available. SAM Jr will be extendable via plugins so that custom actions can be written easily.

What is the Threat Index Monitor?

SAM Jr has a unique feature called the Threat Index Monitor. The Threat Index Monitor helps weed out the true crackers from the rest of the noise. It does this by giving each source IP a score. The score takes into account the number of events and the number of hosts that source IP is attacking.
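The idea of a per-source score can be sketched as follows. This is an added example, not SAM Jr code: the FAQ does not give the actual formula, so the weighting (events multiplied by distinct hosts attacked) is an assumption, and the alert lines are constructed samples in Snort's "fast" alert format.

```python
import re
from collections import defaultdict

# Constructed sample alerts in Snort "fast" format (documentation IP ranges).
SAMPLE_ALERTS = """\
01/10-09:00:01.000000  [**] [1:1000001:1] Constructed SSH probe [**] [Priority: 2] {TCP} 203.0.113.5:40001 -> 192.0.2.10:22
01/10-09:00:02.000000  [**] [1:1000001:1] Constructed SSH probe [**] [Priority: 2] {TCP} 203.0.113.5:40002 -> 192.0.2.11:22
01/10-09:00:03.000000  [**] [1:1000001:1] Constructed SSH probe [**] [Priority: 2] {TCP} 203.0.113.5:40003 -> 192.0.2.12:22
01/10-09:01:00.000000  [**] [1:1000002:1] Constructed web alert [**] [Priority: 3] {TCP} 198.51.100.7:51000 -> 192.0.2.10:80
01/10-09:01:01.000000  [**] [1:1000002:1] Constructed web alert [**] [Priority: 3] {TCP} 198.51.100.7:51001 -> 192.0.2.10:80
01/10-09:01:02.000000  [**] [1:1000002:1] Constructed web alert [**] [Priority: 3] {TCP} 198.51.100.7:51002 -> 192.0.2.10:80
01/10-09:01:03.000000  [**] [1:1000002:1] Constructed web alert [**] [Priority: 3] {TCP} 198.51.100.7:51003 -> 192.0.2.10:80
01/10-09:02:00.000000  [**] [1:1000003:1] Constructed ping [**] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10
this line is not an alert and must be ignored
"""

# Source and destination follow the {PROTO} tag; ports are absent for ICMP.
ALERT_RE = re.compile(
    r"\{[\w-]+\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?"
)

def threat_scores(lines):
    """Return {source_ip: (events, distinct_hosts, score)}."""
    events = defaultdict(int)
    targets = defaultdict(set)
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue  # skip anything that is not a fast-format alert
        events[m["src"]] += 1
        targets[m["src"]].add(m["dst"])
    # Assumed weighting (not SAM Jr's): events * distinct hosts attacked,
    # so a source sweeping many hosts outranks a noisy single-target one.
    return {s: (n, len(targets[s]), n * len(targets[s])) for s, n in events.items()}

def ranked(scores):
    """Source IPs ordered from highest to lowest score."""
    return sorted(scores, key=lambda s: scores[s][2], reverse=True)

if __name__ == "__main__":
    scores = threat_scores(SAMPLE_ALERTS.splitlines())
    for src in ranked(scores):
        print(src, scores[src])
```

With this weighting, the source that touched three hosts ranks above the one that generated more events against a single host.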

Sounds good. How do I run it?

On Windows and Mac OS X you can run it by double-clicking on the samjr.jar file in the top level of the directory. On *nix boxes you can run it by executing "java -jar samjr.jar" from the command line (again in the main directory).

Can I run it from the command line - without the pretty GUI?

Sure, you can run it without the GUI by executing "java -jar samjr.jar -nogui" from the command line (again in the main directory).

Do I need to open any holes in the firewall?

SAM Jr only makes outbound connections, so if your firewall allows all outbound connections you are fine. If you do not allow all outbound connections, you might need to open the following ports (depending on what features you are using). The following is a complete list of ports and what they are used for.

  • 25 - SMTP
  • 43 - whois
  • 5222 - Jabber

I found a bug, who do I tell?

Please visit the project page on SourceForge.