Snort mailing list archives

Snort packet and portscan.log cleanup utility?


From: Ryan Hill <rhill () xypoint com>
Date: Mon, 19 Nov 2001 19:47:35 -0800

Evenin' folks.

Long-time listener, not very long time poster here - was wondering if anyone
has any cleanup scripts that will scan your /var/log/snort directory and
compare IP packet dump directories and portscan entries against a db you
specify to scrub datasets for false alarms.  Basically, I want to dump every
packet directory and portscan entry that doesn't have a matching IP in my db
(i.e. IP exists in db, leave alone - no IP exists dump or archive).

This kind of utility would be immensely helpful, as it's pretty easy to keep
my DB clean via the management tools available, but I haven't seen any
scripts that will perform raw data scrubbing to get rid of packets and
portscan entries you're no longer interested in.

I'd write the darn thing myself, except I've got no skillz when it comes to
scripting...

P.S. Snort OWNZ!  Marty and contributing team have my eternal gratitude for
such a great IDS!  Where are the new logo t-shirts? I want a t-shirt with
the new logo on back and a front that says: "SCORE!" ;)

Thanks in advance,

Ryan Hill, MCSE 
IT Ninja
Corporate Information Systems
Telecommunication Systems, Inc. (TCS) - http://www.telecomsys.com
v: 206.792.2276 - f: 206.792.2001
pgp: 0x17CE70AB
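As an added example (not code from the original post or from the Snort project), here is a small Python scrubber that does what the post asks for. It assumes Snort's default `-l` layout, where packet dumps land in `/var/log/snort/<IP>/`, a `portscan.log` line shape of `timestamp src:port -> dst:port flags` (the sample lines below are constructed, not a real capture), and a plain list of IP strings standing in for whatever query you run against your DB. Anything without a matching IP is moved to an `archive/` directory rather than deleted, so a bad DB query cannot destroy evidence; portscan lines that do not parse are kept for the same reason.

```python
"""Scrub a Snort 1.x log directory against an allow-list of IPs.

Added example, not from the original post or the Snort project. Assumed:
 - packet dumps live in <snort_dir>/<IP>/ (Snort's default -l layout),
 - portscan.log lines look like
   "Nov 19 19:40:01 10.1.1.1:4321 -> 192.168.0.10:80 SYN ******S*",
 - the "db you specify" is any iterable of IP strings (a list here).
"""
import ipaddress
import os
import re
import shutil
import tempfile

# One portscan.log line: timestamp, src:port -> dst:port, then flags (IPv4 only).
PORTSCAN_RE = re.compile(
    r"^\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):\d+\b"
)


def load_keep_set(rows):
    """Normalise the IPs pulled from the DB; skip rows that do not parse."""
    keep = set()
    for raw in rows:
        try:
            keep.add(str(ipaddress.ip_address(raw.strip())))
        except ValueError:
            pass  # junk row in the DB: ignore it rather than abort the run
    return keep


def scrub_packet_dirs(snort_dir, keep, archive_dir):
    """Move every <snort_dir>/<IP>/ whose IP is not in keep into archive_dir.

    Entries that are not IP-named directories (alert files, portscan.log,
    the archive dir itself) are left alone. Returns (kept, archived) IP lists.
    """
    kept, archived = [], []
    os.makedirs(archive_dir, exist_ok=True)
    for name in sorted(os.listdir(snort_dir)):
        path = os.path.join(snort_dir, name)
        if not os.path.isdir(path):
            continue
        try:
            ip = str(ipaddress.ip_address(name))
        except ValueError:
            continue
        if ip in keep:
            kept.append(ip)
        else:
            shutil.move(path, os.path.join(archive_dir, name))
            archived.append(ip)
    return kept, archived


def scrub_portscan_log(log_path, keep, archive_path):
    """Rewrite portscan.log, keeping lines whose src or dst IP is in keep.

    Dropped lines are appended to archive_path. Lines that do not match the
    expected format are kept: silently discarding unparsed data is worse than
    leaving a few extra lines behind. Returns (kept, dropped) line counts.
    """
    keep_lines, drop_lines = [], []
    with open(log_path) as fh:
        for line in fh:
            m = PORTSCAN_RE.match(line)
            if m and m.group("src") not in keep and m.group("dst") not in keep:
                drop_lines.append(line)
            else:
                keep_lines.append(line)
    with open(archive_path, "a") as fh:
        fh.writelines(drop_lines)
    with open(log_path, "w") as fh:
        fh.writelines(keep_lines)
    return len(keep_lines), len(drop_lines)


SAMPLE_PORTSCAN = (  # constructed sample, not a real capture
    "Nov 19 19:40:01 10.1.1.1:4321 -> 192.168.0.10:80 SYN ******S*\n"
    "Nov 19 19:40:02 10.1.1.1:4322 -> 192.168.0.10:443 SYN ******S*\n"
    "Nov 19 19:41:10 172.16.5.5:1025 -> 192.168.0.10:22 SYN ******S*\n"
    "this line is not in the expected format and must survive\n"
)


def make_sample_tree():
    """Build a throwaway /var/log/snort look-alike and return its path."""
    root = tempfile.mkdtemp(prefix="snortlog-")
    for ip in ("10.1.1.1", "172.16.5.5", "192.0.2.99"):
        os.makedirs(os.path.join(root, ip))
        with open(os.path.join(root, ip, "TCP:4321-80"), "w") as fh:
            fh.write("fake packet dump\n")
    os.makedirs(os.path.join(root, "alert.d"))  # non-IP dir, must be untouched
    with open(os.path.join(root, "portscan.log"), "w") as fh:
        fh.write(SAMPLE_PORTSCAN)
    return root


def scrub(root, db_rows):
    """Run both passes against root and return a summary dict."""
    keep = load_keep_set(db_rows)
    archive = os.path.join(root, "archive")
    kept_dirs, archived_dirs = scrub_packet_dirs(root, keep, archive)
    kept_lines, dropped_lines = scrub_portscan_log(
        os.path.join(root, "portscan.log"), keep,
        os.path.join(archive, "portscan.log"))
    return {"kept_dirs": kept_dirs, "archived_dirs": archived_dirs,
            "kept_lines": kept_lines, "dropped_lines": dropped_lines}


if __name__ == "__main__":
    # "DB" rows with a stray space and a junk entry, to show the normalisation.
    print(scrub(make_sample_tree(), ["10.1.1.1", " 192.0.2.99 ", "not-an-ip"]))
```

To run it against a real box, replace `make_sample_tree()` with `/var/log/snort` and `db_rows` with the output of your DB query; review `archive/` before you delete it, since a query that returns nothing will archive everything.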

