[Snort-users] RE: Snort and Mysql for statistics purposes

Bénoni MARTIN Benoni.MARTIN at ...13159...
Wed Mar 9 16:58:12 EST 2005


I can recommend you the famous Ntop for "Top ports, Top src_ip", and SnortSnarf for "Top attacks".

But you can create your own tool with Perl ... Good luck ;)


-----Message d'origine-----
De : David Jiménez Domínguez [mailto:djdsecurity at ...11827...] 
Envoyé : mercredi 9 mars 2005 01:05
À : snort-users at lists.sourceforge.net; honeypots at ...35...; focus-ids at ...3046...5...
Objet : Snort and Mysql for statistics purposes

Hi folks!

I need to graph all the traffic in my network (Top ports, Top src_ip, Top attacks) each 5 minutes...In the DataServer I have intalled Mysql and in the firewall I have installed snort-2.3.0 and I created just 4 rules to get all the tcp,udp,icmp and ip traffic in order to graph it with perl and rrdtool and post it in a web page....

Do you think it is the best way to do that???
Have your ever done something like that?? What tools do you recommend me??
 
Regards 

DJ
--------------------------------------------------






More information about the Snort-users mailing list