<DIV>Greetings - </DIV>
<DIV>I am looking for something in Snort that seems basically simple - so I think there should be a way to get this information - but I cant figure out how. Nor can I find a snort pre/post processor to do it. Any thoughts?</DIV>
<DIV>I would like to have snort run and tell me, in addition to the typical alert data, the amount of traffic that was OK. Ideally I'd be able to graph this to indicate the amount of total bandwidth consumed by attacks compared to the total throughput of the network monitored. ie, I'd run snort and be able to document "14% of data traversing the network is potentially malicious and essentially wasted".</DIV>
<DIV>I can probably calculate the same by examining interface stats on a regular basis while snort is running, and comparing that data to the information from the snort alerts,but it seems silly to calculate the volume when Snort is already looking at the data I want.</DIV>
<DIV>- Derick </DIV><p>
<hr size=1><font face=arial size=-1>Do you Yahoo!?<br><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=24311/*http://promo.yahoo.com/sbc/">SBC Yahoo!</a> - Internet access at a great low price.