[Snort-users] Snort Reporting Tools

Jason Boykin getmesecure at ...131...
Thu May 15 14:49:06 EDT 2003


> On Thu, 2003-05-15 at 10:42, Vendl, Mark E. wrote:
> > All:
> >  
> > I use Puresecure for my management console and
> have 3 snort agents running
> > on my network.  Does anyone use, or know of, a
> good reporting tool for
> > snort?  By reporting, I mean something that I can
> give to upper management
> > to show them status of our ids.  My director has
> asked for something like
> > this for a weekly or monthly report *sigh*.  Any
> suggestions would be
> > excellent.
> >  
> > Thanks,
> > Mark E. Vendl 
> > Network Engineer 
> > mvendl at ...9189...

Have a look at ACID?
ACID can generate graphs with snort data from a
database and can query on and between dates inputed by
the user.
I recently got it working and its a big hit with
management.  They seem to like charts and graphs more
than functionality.  Im not saying ACID doesnt have
good functionality either, its a real nice tool.
http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html

If your not talking about numbers of alerts and
traffic   and such maybe Nagios?  I havent looked at
Nagios much.
http://www.nagios.org/

We were using a Razorback for a while.  All it does is
read the alert log file though.
http://www.intersectalliance.com/projects/RazorBack/index.html

__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com




More information about the Snort-users mailing list