[Snort-users] Collecting Snort statistics automatically

Paul Gillingwater paul at ...9449...
Fri Jun 27 01:11:14 EDT 2003


Just for fun, I thought it would be useful to collect some Snort statistics on 
a daily basis, and store them into Web pages.  Of course, this script can 
easily be modified to send them as email to yourself too.  It should run as 
root from cron, I suggest at 8 a.m. each morning.   Enjoy!

#!/bin/sh
# This script will extract Snort statistics
# This script must run as root, usually daily at 8 a.m.
DATE=`/bin/date +"%Y-%m-%d"`
REPORTDIR=/home/httpd/data/reporting/snort
REPORT=$REPORTDIR/snortstats$DATE.htm
# use mktemp instead of predictable /tmp/tmp$$ names, since this runs as root
TMPLOG=`mktemp /tmp/snortstats.XXXXXX` || exit 1
TMPSTATS=`mktemp /tmp/snortstats.XXXXXX` || exit 1
# capture only new syslog lines (-n 0 skips lines already in the file)
/usr/bin/tail -n 0 -f /var/log/messages >"$TMPLOG" &
TAILPID=$!
# SIGUSR1 makes Snort dump its statistics to syslog
/bin/kill -s SIGUSR1 `cat /var/run/snort_eth0.pid`
# allow 4 seconds for Snort to dump its stats to the logfile
/bin/sleep 4
# now stop our tail (only the one started above, not every tail on the host)
/bin/kill $TAILPID 2>/dev/null
# Get the lines we need, and tidy them up
/bin/grep "snort-mysql" "$TMPLOG" >"$TMPSTATS"
/bin/echo "<html><body><pre>Snort Statistics for $DATE" >"$REPORT"
/bin/sed -e "s/.*snort-mysql: //" <"$TMPSTATS" >>"$REPORT"
# append (>>) the closing tags so the report body is not overwritten
/bin/echo "</pre></body></html>" >>"$REPORT"
# clean up our temp files
/bin/rm -f "$TMPLOG" "$TMPSTATS"

-- 
*********************************
 Paul Gillingwater, BA, BSc, MBA
        Managing Director
 CSO Lanifex Unternehmensberatung
 & Softwareentwicklung G.m.b.H.
      NEW BUSINESS CONCEPTS

E-mail:  paul at ...9449...
Tel:     +43(1)2198222-20
Fax:     +43(1)2198222-11
Mobile:  +43(699)1922 3085
Webhome: http://www.lanifex.com/
Address: Praterstrasse 60/1/2
         A-1020 Vienna, Austria
*********************************







