[Snort-users] Snort DB stats

Jason Lewis jlewis at ...2449...
Thu Nov 22 01:32:03 EST 2001


I am looking to create a script that runs from cron that summarizes info
from the DB and then emails the report.  I thought I would see if anyone is
doing anything like this already.  I know ACID does some of this, but I need
it to be automated.  I can get email anywhere.

For ex.

Top 10 IPs in the DB
Top 10 Attacks in the DB
Top 10 Attacks in the last hour

That kind of stuff.  I would really like some kind of intelligent pattern
matching, but I need to start somewhere to decide what exactly I want.  I
only have a vague idea and I think doing this report would help me figure
out what would be useful and what is noise.

Ideas, input, comments, am I crazy?

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure".
The people at the other end of the link know less
about security than you do. And that's scary.






