[Snort-users] [Looking for] Open source reporting tool
michael.boman at ...4162...
Sun Feb 1 21:43:04 EST 2004
On Mon, 2004-02-02 at 12:24, Aaron wrote:
> For those playing the drinking game, please take a swig ahead of time
> for me.
> For myself and anyone technical ACID is more than enough to generate
> the data that is needed.
> For upper management and end users (customers) however, a much
> prettier and more generic tool is needed. I have not found anything
> opensource that makes dumbified pretty reports with statistical
> graphs, pie charts and etc...
> Yes, I know ACID sortof does this with JPGraph. Well, not really.
> I also found a few things that generate html reports from the alert
> log. I dont keep the alert log. All the data is in the snort
> My company will not use snort unless they can see pretty graphs with
> breakouts of all the attacks. We used to use Crystal Reports against
> ISS RealSecure, however both products are no longer supported
> internally in order to cut costs. I am not complaining, as they are
> finally adopting and using open source software. You have no idea
> what a strange warm and fuzzy feeling that is. Maybe it was the rum.
> If you know of a tool that can generate from the database useful
> information in the form of detailed graphs (with links to the
> technical data), pie charts and everything that management and end
> users would like to see, then please let me know.
Snort Report maybe? http://www.circuitsmaximus.com/
> Something that would be even better, would be a tool that could do all
> previously mentioned things and can be configured to only give data
> for a specific subnet or subnets, depending on who is browsing it.
> (Different configs in diff dirs, or username==, etc...)
Snort Report with some patching? I am sure the author/maintainer of the
software are willing to help as well, but probably for a small fee.
> P.S. - This tool would have to sift through data collected on circuits
> pushing 500MB each... several of them... and they are external... No
> I am not smoking anything.
Are you sure about that? Anyway, haven't run Snort Report on anything of
that size, but I guess you will find out how well it handles it (or
I have no association with the Snort Report guys what-so-ever, not even
using their software. I tried it once, and maybe it will match (some) of
Security Architect, SecureCiRT Pte Ltd
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the Snort-users