[Snort-users] Session statistics

Erek Adams erek at ...950...
Thu Aug 21 17:35:22 EDT 2003


On Thu, 21 Aug 2003, John Creegan wrote:

[...snip...]

> I've searched the mail list archives and the snort website looking for
> the tool I need, and have not yet found it.  Before I go off and create
> this tool, I'd like to know if there already is a tool which can take
> advantage of the session.log data to tell me:
>      1. Who the top talkers are
>      2. Where the hotspots on the network are.
>
> If not, I'm thinking about creating a table in the snort database and
> then writing a bit of Perl to populate the table with the session stats.
>  I might then either write some php pages to add into ACID or write
> stored procedures or even more Perl to do a bit of analysis.
> Ultimately, I'd rather add the capability to ACID.
>
> Anyone know of a way I can do this with existing tools?

Ntop [0]
MRTG [1]
RRDTool [2]
Sniffer Pro [3]

Sniffer Pro is exactly what you want, it's just not cheap.  MRTG and
RRDTool would have to be massaged a bit to make them work like you want.
Ntop might be the closest thing...

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]	http://www.ntop.org/
[1]	http://people.ee.ethz.ch/~oetiker/webtools/mrtg/
[2]	http://www.rrdtool.com/
[3]	http://www.sniffer.com/




More information about the Snort-users mailing list