[Snort-users] Display snort info at user login

Seth sethsec at ...11827...
Fri Jun 6 14:09:43 EDT 2008

I was recently playing around with my .bash_profile script and ended
up with a couple of pretty simple functions that produce the following
output whenever I log into one of my snort box's:

Last login: Thu May 29 16:27:36 2008 from xxxxxxxx
-------------- Snort Installation Detected -----------------
The most recent snort rules on this machine were updated on:
                    ******* May 30 *******
If the date above is more than 1 month old, run oinkmaster
manually and verify it completes without error.
Snort % Pkts dropped and mbits/sec for the last 20 minutes
Dropped Packets = 0.000 Mbps = 4.672
Dropped Packets = 0.000 Mbps = 4.796
Dropped Packets = 0.000 Mbps = 4.369
Dropped Packets = 0.000 Mbps = 5.071

Even though the information is reactive (no alerts are sent, you just
get some additional info when you log in to the box), I have found it
to be very useful.  I searched the web for a while and haven't found
any similar examples, so I figured I would publish it and share with
the list.

The full write up is here:

Let me know what you think and if you have any suggestions.


More information about the Snort-users mailing list