[Snort-users] Snort Statistics

Real Cucumber monkcucumber at ...131...
Thu Jul 8 12:35:01 EDT 2004

Is there any way to create statistics on Snort data (in
packet logger mode, text file directory of IPs)
instead of going by the alert file?

One of my Snort boxes never generates any alerts
because its sole purpose is to forward packets, and
it's not running any services locally other than SSH,
and even that is restricted to one NIC and protected
by iptables.

Basically, I want to create a good summary of all the
traffic that has gone through this server (or
attempted to reach the server).

I create tcpdump logs and snort logs, but there is no
program I can find anywhere that will do good
statistics on either of them.

I've used Ethereal on the tcpdump files and it doesn't
really generate a solid final report with graphs, or
map out the most popular IPs, or show which IPs
attempted port scans, etc.

Snortalog and Snortsnarf don't work unless you have
alert files.
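
The kind of summary asked for above can be computed straight from a tcpdump capture without any alert file. The following is an added example, not part of the original post and not code from the Snort project. It assumes a classic libpcap file captured on Ethernet; the names `summarize_pcap` and `build_sample`, the threshold of 10 distinct ports and the sample addresses are all constructed for illustration.

```python
import collections, socket, struct

def summarize_pcap(data, scan_ports=10):
    """Packets per source IP, plus (src, dst) pairs hitting >= scan_ports ports."""
    # Magic number gives the byte order of the capture file.
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if e is None:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(e + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    talkers = collections.Counter()
    ports = collections.defaultdict(set)
    off = 24                                      # skip the global header
    while off + 16 <= len(data):
        incl = struct.unpack(e + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                              # truncated or not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        talkers[src] += 1
        first_frag = (struct.unpack("!H", ip[6:8])[0] & 0x1FFF) == 0
        if ip[9] in (6, 17) and first_frag and len(ip) >= ihl + 4:
            ports[(src, dst)].add(struct.unpack("!H", ip[ihl + 2:ihl + 4])[0])
    scans = {k: len(v) for k, v in ports.items() if len(v) >= scan_ports}
    return talkers, scans

def build_sample():
    """Constructed capture: one host probing 12 ports, one sending 3 SSH packets."""
    def frame(src, dst, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHI", 40000, dport, 0)
    frames = [frame("192.0.2.10", "198.51.100.5", p) for p in range(20, 32)]
    frames += [frame("192.0.2.20", "198.51.100.5", 22)] * 3
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    talkers, scans = summarize_pcap(build_sample())
    for ip, n in talkers.most_common(10):
        print(f"{n:6d} packets from {ip}")
    for (src, dst), n in scans.items():
        print(f"possible port scan: {src} -> {dst} ({n} ports)")
```

To run it on a real capture, pass the bytes of the file, for example `summarize_pcap(open(path, "rb").read())`, where `path` is the tcpdump output file.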

