[Snort-users] snort log analyzers?

Kevin kevin at ...150...
Sun Sep 10 21:09:04 EDT 2000


I think snortsnarf makes the easiest reports to look at. A little work with
shell scripts and I get an easy to understand report for each day with the
alerts linked to their packet dumps. I'm thinking of creating a weekly and
monthly report too but I haven't gotten to it yet. I also update a current
report every 15 min. so I can see what's going on throughout the day. The
only drawback I've found is my box only has 64MB RAM and any alert files
with more than about 40k alerts run out of memory before the script
finishes.

----- Original Message -----
From: "Austad, Jay" <austad at ...432...>
To: <snort-users at lists.sourceforge.net>
Sent: Friday, September 08, 2000 8:53 PM
Subject: [Snort-users] snort log analyzers?


> I've found a few different analyzers for snort, what is the general
> consensus on the best one?  I'd prefer a nice HTML report that I can put on
> a web page, and maybe makes pages with links to detailed data collected from
> the attacks.  Ideally I could dump data into postgresql and have some php
> scripts to do some detailed data mining type things.
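An added example (not code from this thread or from the snortsnarf project) of the kind of shell glue described above: it splits a snort one-line ("-A fast" style) alert file into one file per calendar day, so that each snortsnarf run only has to hold a single day's alerts in memory, counts the alerts per day, and optionally chunks a very large day further. The sample alert lines are constructed; the `-d <dir>` output option for `snortsnarf.pl` is an assumption about its command line, so check it against your copy.

```shell
#!/bin/sh
# Added example, not code from the thread. Splits a snort "-A fast" alert file
# into per-day files so each snortsnarf run only sees one day's alerts (keeps
# memory use bounded on a small box), then prints a per-day alert count.

# Constructed sample alerts in snort's one-line fast format; the leading
# MM/DD-HH:MM:SS.usec timestamp is what the split keys on.
SAMPLE_ALERTS='09/08-20:53:01.123456  [**] [1:469:1] ICMP PING NMAP [**] [Priority: 2] {ICMP} 192.0.2.10 -> 192.0.2.20
09/08-22:10:44.000001  [**] [1:1256:1] WEB-IIS CodeRed v2 root.exe access [**] [Priority: 1] {TCP} 192.0.2.11:4242 -> 192.0.2.20:80
09/09-01:02:03.000002  [**] [1:469:1] ICMP PING NMAP [**] [Priority: 2] {ICMP} 192.0.2.12 -> 192.0.2.20
09/10-09:09:09.000003  [**] [1:1256:1] WEB-IIS CodeRed v2 root.exe access [**] [Priority: 1] {TCP} 192.0.2.13:5151 -> 192.0.2.20:80'

# split_by_day ALERTFILE OUTDIR
# Writes OUTDIR/alerts-MM-DD.txt, one file per calendar day seen in ALERTFILE.
# Lines that do not start with a MM/DD- timestamp are skipped.
split_by_day() {
    alertfile=$1; outdir=$2
    mkdir -p "$outdir"
    awk -v outdir="$outdir" '
        /^[0-9][0-9]\/[0-9][0-9]-/ {
            day = substr($0, 1, 5); sub("/", "-", day)
            print > (outdir "/alerts-" day ".txt")
        }' "$alertfile"
}

# count_by_day OUTDIR
# Prints "MM-DD N" per day file, sorted by day; N is the alert count.
count_by_day() {
    outdir=$1
    for f in "$outdir"/alerts-*.txt; do
        day=${f##*/alerts-}; day=${day%.txt}
        printf '%s %s\n' "$day" "$(wc -l < "$f" | tr -d ' ')"
    done | sort
}

# chunk_day DAYFILE MAXALERTS
# Further splits one day's file into MAXALERTS-line pieces (DAYFILE.aa, .ab, ...)
# for days that would still exceed what snortsnarf can hold in memory.
# Prints the number of pieces written.
chunk_day() {
    dayfile=$1; max=$2
    split -l "$max" "$dayfile" "$dayfile."
    ls "$dayfile".* | wc -l | tr -d ' '
}

# report_day DAYFILE HTMLDIR
# Runs snortsnarf on one day's file if it is installed. Assumption: snortsnarf.pl
# accepts "-d <dir>" for the HTML output directory; adjust to your version.
# A cron line such as "*/15 * * * * /path/to/this.sh" would give the
# every-15-minutes "current" report mentioned in the post.
report_day() {
    dayfile=$1; htmldir=$2
    if command -v snortsnarf.pl >/dev/null 2>&1; then
        snortsnarf.pl -d "$htmldir" "$dayfile"
    else
        echo "snortsnarf.pl not found; skipping HTML report for $dayfile" >&2
        return 1
    fi
}

# demo: run the split and count on the constructed sample, then clean up
demo() {
    work=${TMPDIR:-/tmp}/snort-split.$$
    mkdir -p "$work"
    printf '%s\n' "$SAMPLE_ALERTS" > "$work/alert"
    split_by_day "$work/alert" "$work/days"
    count_by_day "$work/days"
    rm -rf "$work"
}

demo
```

Point `split_by_day` at the real alert file and a scratch directory, then loop `report_day` over the resulting `alerts-*.txt` files; for a day that is still too big, run `chunk_day` on it first and report each piece separately.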