[Snort-users] Session statistics

John Creegan jcreegan at ...9729...
Thu Aug 21 17:02:13 EDT 2003


After staying late last night to find out who on my network had been hit
with SoBig, I decided I needed a little bit of network analysis
capability.

I found the offending PC rapidly once I started snort with session
statistics in machine format.  A few greps, slices and sorts later I had
the beginnings of a network usage tool.

I've searched the mail list archives and the snort website looking for
the tool I need, and have not yet found it.  Before I go off and create
this tool, I'd like to know if there already is a tool which can take
advantage of the session.log data to tell me:
     1. Who the top talkers are
     2. Where the hotspots on the network are.

If not, I'm thinking about creating a table in the snort database and
then writing a bit of Perl to populate the table with the session stats.
I might then either write some PHP pages to add into ACID or write
stored procedures or even more Perl to do a bit of analysis.
Ultimately, I'd rather add the capability to ACID.

Anyone know of a way I can do this with existing tools?

