[Snort-users] automatically generate and email a daily report?

MLP SCADA MLPSCADA at ...15411...
Mon Dec 12 15:38:09 EST 2011


Hey folks.

I've got snort/barnyard2 populating a mysql database.  I've got base running as a front end.  

What I'd like to do is automatically email a once-a-day summary of the last 24 hours' unique alerts to the on-calls, similar to the unique daily summary that base provides.

Base will do the email but it's a manual process, unless I'm missing something.

Google shows some stuff that you can cron (usually in perl), but the discussions are all pretty old, and the majority of them want to process syslog files instead of mysql.

This looked interesting:

http://www.the-tech-tutorial.com/?p=929

Until I saw it was debian only; there was no analogue in my SciLinux installed-from-source snort setup.

Snorby looked interesting until I saw it required a whole RoR ecosystem; life is complicated enough as it is.

Splunk won't tell you how much it'll cost (even ballpark) without having to call some salesman, so that's out.

What other options do folks use for a daily summary email to the relevant folks?

Thanks!

More information about the Snort-users mailing list
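As an added example for the question above (not the poster's code, and not part of Snort, barnyard2 or BASE): a Python 3 script that can be run from cron once a day, queries the standard Snort DB schema that barnyard2 writes (tables event, signature, iphdr) for the unique alerts of the trailing 24 hours, and mails the result as plain text. The cutoff is passed as a DB-API parameter; the `{ph}` token is only swapped for the driver's placeholder character (`%s` for MySQLdb/pymysql, `?` for sqlite3), never for data. The MySQL connection details, the `~/.my.cnf` option file, the sender and recipient addresses, the function names, and the in-memory sqlite3 stand-in with made-up rows used for the offline demo are all assumptions of this example.

```python
#!/usr/bin/env python3
"""Daily unique-alert summary e-mail from a barnyard2/Snort database.

Added example, not the poster's code. Assumes the standard Snort DB
schema (event, signature, iphdr) and a local SMTP relay.
"""
import datetime as dt
import smtplib
import sqlite3
from email.message import EmailMessage

# One row per distinct signature seen in the window, worst priority first.
# {ph} becomes the driver's placeholder literal ('%s' or '?'), never data.
SUMMARY_SQL = """
SELECT s.sig_name,
       s.sig_priority,
       COUNT(*)                  AS hits,
       COUNT(DISTINCT ip.ip_src) AS sources,
       MIN(e.timestamp)          AS first_seen,
       MAX(e.timestamp)          AS last_seen
FROM event e
JOIN signature s   ON s.sig_id = e.signature
LEFT JOIN iphdr ip ON ip.sid = e.sid AND ip.cid = e.cid
WHERE e.timestamp >= {ph}
GROUP BY s.sig_name, s.sig_priority
ORDER BY s.sig_priority ASC, hits DESC
"""

DEMO_NOW = dt.datetime(2011, 12, 12, 6, 0, 0)  # fixed clock for the offline demo


def fetch_summary(conn, since, placeholder="%s"):
    """Rows of (sig_name, priority, hits, sources, first_seen, last_seen)
    for alerts with timestamp >= since (a datetime)."""
    cur = conn.cursor()
    cur.execute(SUMMARY_SQL.format(ph=placeholder),
                (since.strftime("%Y-%m-%d %H:%M:%S"),))
    return cur.fetchall()


def format_report(rows, since, until):
    """Render the query rows as the plain-text mail body."""
    lines = ["Snort unique alerts %s to %s" % (since.strftime("%Y-%m-%d %H:%M"),
                                                until.strftime("%Y-%m-%d %H:%M")),
             "",
             "%4s %6s %5s  %-19s  %-19s  %s" % ("prio", "hits", "srcs",
                                                "first_seen", "last_seen", "signature")]
    if not rows:
        lines.append("(no alerts in window)")
    for name, prio, hits, sources, first, last in rows:
        lines.append("%4s %6d %5d  %-19s  %-19s  %s" % (prio, hits, sources, first, last, name))
    return "\n".join(lines) + "\n"


def daily_summary(conn, now=None, placeholder="%s"):
    """Query the trailing 24 hours and return (rows, mail_body)."""
    now = now or dt.datetime.now()
    since = now - dt.timedelta(hours=24)
    rows = fetch_summary(conn, since, placeholder)
    return rows, format_report(rows, since, now)


def send_report(body, sender, recipients, smtp_host="localhost"):
    """Hand the report to the local MTA/relay (needs a real mail server)."""
    msg = EmailMessage()
    msg["Subject"] = "Snort daily alert summary"
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg.set_content(body)
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(msg)


def build_sample_db(now):
    """Constructed stand-in for the barnyard2 MySQL database: an in-memory
    sqlite3 copy of the three tables the query touches, with made-up rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT, sig_priority INTEGER);
        CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT,
                            PRIMARY KEY (sid, cid));
        CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER,
                            PRIMARY KEY (sid, cid));
    """)
    conn.executemany("INSERT INTO signature VALUES (?,?,?)",
                     [(1, "TEST ssh login brute force", 2),
                      (2, "TEST sqli in query string", 1)])
    ts = lambda hours_ago: (now - dt.timedelta(hours=hours_ago)).strftime("%Y-%m-%d %H:%M:%S")
    # (sid, cid, signature, timestamp, ip_src): three ssh hits from two sources
    # inside the window, one sqli hit, and one ssh hit too old (30 h) to count.
    rows = [(1, 1, 1, ts(20), 0x0A000005), (1, 2, 1, ts(10), 0x0A000005),
            (1, 3, 1, ts(2), 0x0A000006), (1, 4, 2, ts(1), 0xC0A80001),
            (1, 5, 1, ts(30), 0x0A000007)]
    conn.executemany("INSERT INTO event VALUES (?,?,?,?)", [r[:4] for r in rows])
    conn.executemany("INSERT INTO iphdr VALUES (?,?,?,0)", [(r[0], r[1], r[4]) for r in rows])
    conn.commit()
    return conn


if __name__ == "__main__":
    # Production (assumed): conn = pymysql.connect(read_default_file="~/.my.cnf", db="snort")
    # followed by send_report(daily_summary(conn)[1], "snort@example.com", ["oncall@example.com"])
    print(daily_summary(build_sample_db(DEMO_NOW), DEMO_NOW, "?")[1])
```

To schedule it, a crontab entry such as `5 6 * * * /usr/local/bin/snort_daily_report.py` (hypothetical path) runs it each morning. Give the job its own MySQL account with SELECT only on the snort database, and keep that password in a mode-0600 option file (`~/.my.cnf`) rather than in the crontab or the script, so the report job cannot alter the evidence it summarises and the credential does not leak through `ps` or the process table.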