[Snort-users] Snort Reporting Tools

jeremy chartier jeremy.chartier at ...953...
Fri May 16 05:40:02 EDT 2003


An if you are not satisfied with all these tools, try to use SNORTALOG 
available
at this URL : http://jeremy.chartier.free.fr/snortalog/

It's a powerfull scripts with which you can generate HTML reports with 
some charts
for a better visualization of what's happened on your network.

Regards,

>>On Thu, 2003-05-15 at 10:42, Vendl, Mark E. wrote:
>>    
>>
>>>All:
>>> 
>>>I use Puresecure for my management console and
>>>      
>>>
>>have 3 snort agents running
>>    
>>
>>>on my network.  Does anyone use, or know of, a
>>>      
>>>
>>good reporting tool for
>>    
>>
>>>snort?  By reporting, I mean something that I can
>>>      
>>>
>>give to upper management
>>    
>>
>>>to show them status of our ids.  My director has
>>>      
>>>
>>asked for something like
>>    
>>
>>>this for a weekly or monthly report *sigh*.  Any
>>>      
>>>
>>suggestions would be
>>    
>>
>>>excellent.
>>> 
>>>Thanks,
>>>Mark E. Vendl 
>>>Network Engineer 
>>>mvendl at ...9189...
>>>      
>>>
>
>Have a look at ACID?
>ACID can generate graphs with snort data from a
>database and can query on and between dates inputed by
>the user.
>I recently got it working and its a big hit with
>management.  They seem to like charts and graphs more
>than functionality.  Im not saying ACID doesnt have
>good functionality either, its a real nice tool.
>http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html
>
>If your not talking about numbers of alerts and
>traffic   and such maybe Nagios?  I havent looked at
>Nagios much.
>http://www.nagios.org/
>
>We were using a Razorback for a while.  All it does is
>read the alert log file though.
>http://www.intersectalliance.com/projects/RazorBack/index.html
>
>__________________________________
>Do you Yahoo!?
>The New Yahoo! Search - Faster. Easier. Bingo.
>http://search.yahoo.com
>
>
>-------------------------------------------------------
>Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
>The only event dedicated to issues related to Linux enterprise solutions
>www.enterpriselinuxforum.com
>
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>  
>







More information about the Snort-users mailing list