[Snort-users] [Looking for] Open source reporting tool

Michael Boman michael.boman at ...4162...
Sun Feb 1 21:43:04 EST 2004


On Mon, 2004-02-02 at 12:24, Aaron wrote:
> For those playing the drinking game, please take a swig ahead of time 
> for me.
> 
> 
> For myself and anyone technical ACID is more than enough to generate 
> the data that is needed.
> 
> For upper management and end users (customers) however, a much 
> prettier and more generic tool is needed.  I have not found anything 
> open source that makes dumbified pretty reports with statistical 
> graphs, pie charts and etc...
> 
> Yes, I know ACID sort of does this with JPGraph.  Well, not really.
> 
> I also found a few things that generate HTML reports from the alert 
> log.  I don't keep the alert log.  All the data is in the snort 
> database.
> 
> My company will not use snort unless they can see pretty graphs with 
> breakouts of all the attacks.  We used to use Crystal Reports against 
> ISS RealSecure, however both products are no longer supported 
> internally in order to cut costs.  I am not complaining, as they are 
> finally adopting and using open source software.  You have no idea 
> what a strange warm and fuzzy feeling that is.  Maybe it was the rum.
> 
> If you know of a tool that can generate from the database useful 
> information in the form of detailed graphs (with links to the 
> technical data), pie charts and everything that management and end 
> users would like to see, then please let me know.

Snort Report maybe? http://www.circuitsmaximus.com/

> Something that would be even better, would be a tool that could do all 
> previously mentioned things and can be configured to only give data 
> for a specific subnet or subnets, depending on who is browsing it. 
>  (Different configs in diff dirs, or username==, etc...)

Snort Report with some patching? I am sure the author/maintainer of the
software is willing to help as well, but probably for a small fee.

> P.S. - This tool would have to sift through data collected on circuits 
> pushing 500MB each... several of them... and they are external...  No 
> I am not smoking anything.

Are you sure about that? Anyway, haven't run Snort Report on anything of
that size, but I guess you will find out how well it handles it (or
not).

PS
 I have no association with the Snort Report guys whatsoever, not even
using their software. I tried it once, and maybe it will match (some) of
your requirements.
DS

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT Pte Ltd
http://www.securecirt.com