[Snort-users] Extracting reports per IP address

Kevin Johnson kjohnson at ...12400...
Tue Nov 14 22:46:08 EST 2006

On Nov 14, 2006, at 5:31 PM, Landon Stewart | Superb Internet Corp.  
> We provide shared hosting, colocation services and server rental.   
> We need to enforce our AUP more proactively and detect malicious  
> outgoing traffic before we get complaints about it.
> We are mirroring outgoing traffic for 3 quite large VLANS to a  
> machine with a GigE interface.  The machine is running snort.  I  
> have not even come close to figuring out which rules we want to  
> load yet.
> What I want to do to be able to generate a report on a regular  
> basis looking for all of our IP addresses that were the source of a  
> triggered event and report those events to the customer responsible  
> for that server.
> While BASE provides a good way of viewing whats in the snort  
> database it does not do what I need.  I'm having a lot of trouble  
> finding information on reporting because the snort database, while  
> optimized for speed, appears to be quite complex.


The BASE project team can try to help you.  Either contact me off  
list or we can move this to the BASE lists.


Kevin Johnson GCIA, GCIH, CISSP, CEH
Principal Consultant
Secure Ideas

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20061114/08edc22f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20061114/08edc22f/attachment.sig>

More information about the Snort-users mailing list