[Snort-users] Snort DB stats

Guillaume guillaume at ...4029...
Thu Nov 22 01:49:02 EST 2001


In reply to Jason Lewis <jlewis at ...2449...>:

> I am looking to create a script that runs from cron that summarizes
> info from the DB and then emails the report.  I thought I would see if anyone
> is doing anything like this already.  I know ACID does some of this, but I
> need it to be automated.  I can get email anywhere.
> 
> For ex.
> 
> Top 10 IP's in the DB
> Top 10 Attacks in the DB
> Top 10 Attacks in the last hour
> 
> That kind of stuff.  I would really like some kind of intelligent
> pattern matching, but I need to start somewhere to decide what exactly I 
> want. 
> I only have a vague idea and I think doing this report would help me
> figure out what would be useful and what is noise.
> 
> Ideas, input, comments, am I crazy?


Could be written in PERL using the DBI module. Not so hard I think...

Regards,

Guillaume.

**********************************
Sent with HORDE/IMP
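
The report Jason describes, as an added example that is not part of the original thread: it uses Python with an in-memory SQLite database in place of Perl/DBI and a live Snort database so that it runs offline. The table and column names are an assumed, simplified subset of the Snort database schema, and the signatures and alerts are constructed sample data.

```python
import sqlite3
from ipaddress import ip_address

# Assumed, simplified subset of the Snort database schema (not the full schema).
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT);
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER);
"""
TOP_SOURCES = """SELECT i.ip_src, COUNT(*) AS hits FROM event e
JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
GROUP BY i.ip_src ORDER BY hits DESC, i.ip_src LIMIT ?"""
TOP_SIGS = """SELECT s.sig_name, COUNT(*) AS hits FROM event e
JOIN signature s ON s.sig_id = e.signature WHERE e.timestamp >= ?
GROUP BY s.sig_name ORDER BY hits DESC, s.sig_name LIMIT ?"""

def top_sources(db, n=10):
    # Source addresses are stored as integers; convert back to dotted quads.
    return [(str(ip_address(ip)), hits) for ip, hits in db.execute(TOP_SOURCES, (n,))]

def top_signatures(db, n=10, since="0000-00-00 00:00:00"):
    # Timestamps are 'YYYY-MM-DD HH:MM:SS' strings, so string order is time order.
    return list(db.execute(TOP_SIGS, (since, n)))

def build_report(db, hour_ago, n=10):
    sections = [("Top source IPs", top_sources(db, n)),
                ("Top attacks", top_signatures(db, n)),
                ("Top attacks in the last hour", top_signatures(db, n, hour_ago))]
    lines = []
    for title, rows in sections:
        lines.append(title)
        lines += [f"  {hits:6d}  {name}" for name, hits in rows]
    return "\n".join(lines)

def sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO signature VALUES (?, ?)",
                   [(1, "ping sweep"), (2, "web probe")])  # constructed names
    alerts = [(1, 2, "2001-11-21 20:00:00", "192.0.2.10"),   # constructed alerts:
              (2, 2, "2001-11-21 21:00:00", "192.0.2.10"),   # (cid, signature,
              (3, 1, "2001-11-22 01:10:00", "192.0.2.10"),   #  timestamp, source)
              (4, 1, "2001-11-22 01:20:00", "203.0.113.5"),
              (5, 2, "2001-11-21 22:00:00", "203.0.113.5"),
              (6, 2, "2001-11-22 01:30:00", "198.51.100.7")]
    for cid, sig, ts, src in alerts:
        db.execute("INSERT INTO event VALUES (1, ?, ?, ?)", (cid, sig, ts))
        db.execute("INSERT INTO iphdr VALUES (1, ?, ?, ?)",
                   (cid, int(ip_address(src)), int(ip_address("198.51.100.1"))))
    return db

if __name__ == "__main__":
    print(build_report(sample_db(), hour_ago="2001-11-22 00:49:00"))
```

Run from cron, the printed report is mailed to the address in the crontab's `MAILTO` setting. In the constructed data the overall top signature and the top signature of the last hour differ, which is the contrast the hourly view is meant to surface.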



