[Snort-users] Snort Statistics
Kreimendahl, Chad J
Chad.Kreimendahl at ...4716...
Thu Jul 8 15:08:01 EDT 2004
Are you speaking of what's returned from kill -USR1 ?
If not... there's also a perfmon package that prints details results at
From: Real Cucumber [mailto:monkcucumber at ...131...]
Sent: Thursday, July 08, 2004 2:34 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort Statistics
Is there anyway to create statistics on snort data (in
packet logger mode text file directory of IP's) -
instead of going by the alert file?
One of my snort boxes never generates any alerts
because its sole purpose is to forward packets, and
its not running any services locally other than SSH
and even that is restricted to one NIC and protected
Basically, I want to create a good summary of all the
traffic that has gone through this server (or
attempted to reach the server).
I create tcpdump logs and snort logs, but there is no
program I can find anywhere that will do good
statistics on either of them.
I've used ethereal on the tcpdump files and it doesn't
really generate a solid final report with graphs or
map out the most popular ips, or show which IP's
attempted port scans etc..
Snortalog and Snortsnarf don't work unless you have
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users