[Snort-users] automatically generate and email a daily report?

Lay, James james.lay at ...15009...
Mon Dec 12 16:23:38 EST 2011


> -----Original Message-----
> From: MLP SCADA [mailto:MLPSCADA at ...15411...]
> Sent: Monday, December 12, 2011 1:38 PM
> To: 'snort-users at lists.sourceforge.net'
> Subject: [Snort-users] automatically generate and email a daily report?
> 
> 
> Hey folks.
> 
> I've got snort/barnyard2 populating a mysql database.  I've got base running as a front end.
> 
> What I'd like to do is automatically email a once a day summary of the last 24 hours unique alerts to the on-calls, similar to the unique daily summary that base provides.
> 
<snip> 
> What other options do folks use for a daily summary email to the relevant folks?
> 
> Thanks!

I use the fast file as the method of finding alert types....then send
that yesterdaysalerts.txt to yourself and away you go.  I have this run
in a cron job at 11:59 and am greeted with a slick email at 8 am
every day with all the types of crud that happened the day before.
Season to taste for file locals...hope that helps.

James

#!/bin/bash
# Collect today's unique alert types from the Snort fast-format alert file.
sudo grep "$(date +%m/%d)" /var/log/all.fast \
  | awk '{ for (i=3; i<=NF; i++) printf("%s ", $i); printf("\n") }' \
  | grep -v SHELLCODE \
  | sed 's/Priority.*$//' | sed 's/\[$//' \
  | sort -u > yesterdaysalerts.txt
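
The same approach extended to a count and priority per unique alert, as an added example that is not part of the original post. It goes beyond the one-liner above by anchoring the date match to the start of the timestamp and counting each signature. The function names, the sample alert lines and the mail recipient are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: per-signature counts from a Snort fast-format alert file.
# Assumed line layout (alert_fast style):
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src -> dst

# summarize_fast MM/DD
# Reads alert lines on stdin; prints "count<TAB>priority<TAB>[gid:sid:rev] msg",
# highest count first.
summarize_fast() {
  awk -v day="$1" '
    index($0, day "-") == 1 {             # timestamp must start with the day
      i = index($0, "[**] ")
      if (!i) next                        # not an alert line
      sig = substr($0, i + 5)
      j = index(sig, " [**]")
      if (j) sig = substr(sig, 1, j - 1)  # keep "[gid:sid:rev] msg"
      prio = "?"
      if (match($0, /\[Priority: [0-9]+\]/))
        prio = substr($0, RSTART + 11, RLENGTH - 12)
      count[sig]++
      prios[sig] = prio
    }
    END { for (s in count) printf("%d\t%s\t%s\n", count[s], prios[s], s) }
  ' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k3,3
}

# Constructed sample input (documentation addresses, made-up local sids).
sample_alerts() {
  cat <<'EOF'
12/11-23:58:10.551200  [**] [1:1000002:2] LOCAL example SSH attempt [**] [Classification: Misc activity] [Priority: 1] {TCP} 192.0.2.77:51234 -> 198.51.100.5:22
12/12-09:15:02.104233  [**] [1:1000001:1] LOCAL example ICMP ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5
12/12-09:15:03.220871  [**] [1:1000001:1] LOCAL example ICMP ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.11 -> 198.51.100.5
12/12-13:40:44.000312  [**] [1:1000002:2] LOCAL example SSH attempt [**] [Classification: Misc activity] [Priority: 1] {TCP} 192.0.2.10:40112 -> 198.51.100.5:22
EOF
}

# Stand-alone run on the sample. For a real log (path from the post,
# recipient address hypothetical):
#   summarize_fast "$(date +%m/%d)" < /var/log/all.fast | mail -s "Snort daily summary" oncall@example.org
sample_alerts | summarize_fast 12/12
```

Because the date is compared against the start of each line, an address or message that happens to contain the same MM/DD string is not picked up.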
