[Snort-users] Snort DB stats
jlewis at ...2449...
Thu Nov 22 01:32:03 EST 2001
I am looking to create a script that runs from cron that summarizes info
from the DB and then emails the report. I thought I would see if anyone is
doing anything like this already. I know ACID does some of this, but I need
it to be automated. I can get email anywhere.
Top 10 IPs in the DB
Top 10 Attacks in the DB
Top 10 Attacks in the last hour
That kind of stuff. I would really like some kind of intelligent pattern
matching, but I need to start somewhere to decide what exactly I want. I
only have a vague idea and I think doing this report would help me figure
out what would be useful and what is noise.
Ideas, input, comments, am I crazy?
It's not secure "Because they told me it was secure".
The people at the other end of the link know less
about security than you do. And that's scary.
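Added example, not part of the original post: one way the three summaries listed above could be queried and wrapped in a mail message for a cron job. It assumes the event, signature and iphdr tables of the Snort database schema, uses an in-memory SQLite database as a stand-in for the real one, and all alert rows, addresses and mail addresses are constructed.

```python
import sqlite3
from email.message import EmailMessage
# Assumed subset of the Snort database schema (event, signature, iphdr).
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
CREATE TABLE event (sid INT, cid INT, signature INT, timestamp TEXT);
CREATE TABLE iphdr (sid INT, cid INT, ip_src INT, ip_dst INT);
"""
TOP_SOURCES = """SELECT ip_src, COUNT(*) AS n FROM iphdr
                 GROUP BY ip_src ORDER BY n DESC, ip_src LIMIT 10"""
TOP_SIGS = """SELECT s.sig_name, COUNT(*) AS n FROM event e
              JOIN signature s ON s.sig_id = e.signature WHERE e.timestamp >= ?
              GROUP BY s.sig_name ORDER BY n DESC, s.sig_name LIMIT 10"""

def dotted(ip):
    # The schema stores IPv4 addresses as unsigned 32-bit integers.
    return ".".join(str((ip >> shift) & 0xFF) for shift in (24, 16, 8, 0))
def top_sources(db):
    return [(dotted(ip), n) for ip, n in db.execute(TOP_SOURCES)]
def top_signatures(db, since=""):
    # Timestamps are "YYYY-MM-DD HH:MM:SS" text, so string order is time order.
    return db.execute(TOP_SIGS, (since,)).fetchall()

def build_report(db, hour_ago, sender, rcpt):
    sections = [("Top 10 source IPs", top_sources(db)),
                ("Top 10 attacks", top_signatures(db)),
                ("Top 10 attacks in the last hour", top_signatures(db, hour_ago))]
    lines = []
    for title, rows in sections:
        lines += [title] + [f"  {n:6d}  {name}" for name, n in rows] + [""]
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = "Snort DB summary", sender, rcpt
    msg.set_content("\n".join(lines))
    return msg

def sample_db():
    # Constructed sample alerts; source addresses are documentation ranges.
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO signature VALUES (?, ?)",
                   [(1, "ICMP PING NMAP"), (2, "WEB-IIS cmd.exe access")])
    rows = [(1, 2, 0xC0000201, "2001-11-22 00:10:00"),
            (2, 2, 0xC0000201, "2001-11-22 01:05:00"),
            (3, 1, 0xC6336407, "2001-11-22 01:20:00")]
    db.executemany("INSERT INTO event VALUES (1, ?, ?, ?)",
                   [(cid, sig, ts) for cid, sig, _, ts in rows])
    db.executemany("INSERT INTO iphdr VALUES (1, ?, ?, 167772161)",
                   [(cid, src) for cid, _, src, _ in rows])
    return db
```

Run from cron, the message returned by build_report could be handed to smtplib's SMTP.send_message, assuming a mail relay is reachable from the sensor host.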