Snort mailing list archives

Snort DB stats


From: "Jason Lewis" <jlewis () packetnexus com>
Date: Thu, 22 Nov 2001 04:34:23 -0500

I am looking to create a script that runs from cron that summarizes info
from the DB and then emails the report.  I thought I would see if anyone is
doing anything like this already.  I know ACID does some of this, but I need
it to be automated.  I can get email anywhere.

For ex.

Top 10 IPs in the DB
Top 10 Attacks in the DB
Top 10 Attacks in the last hour

That kind of stuff.  I would really like some kind of intelligent pattern
matching, but I need to start somewhere to decide what exactly I want.  I
only have a vague idea and I think doing this report would help me figure
out what would be useful and what is noise.

Ideas, input, comments, am I crazy?

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure".
The people at the other end of the link know less
about security than you do. And that's scary.
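
The three reports listed in the post, as an added example that is not part of the original message. It assumes the event, signature and iphdr tables and column names of Snort's database output plugin schema, reads "Top 10 IPs" as source addresses, and uses an in-memory SQLite database with constructed alerts as a stand-in for the real DB.

```python
import sqlite3
from datetime import datetime, timedelta
from ipaddress import IPv4Address

FMT = "%Y-%m-%d %H:%M:%S"
NOW = datetime(2001, 11, 22, 4, 0, 0)  # fixed "current time" so the constructed sample is repeatable

def build_sample_db():
    """Constructed alerts in a cut-down copy of the event/signature/iphdr tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
        CREATE TABLE event (sid INT, cid INT, signature INT, timestamp TEXT);
        CREATE TABLE iphdr (sid INT, cid INT, ip_src INT);""")
    names = {1: "ICMP PING NMAP", 2: "WEB-IIS cmd.exe access", 3: "SCAN SYN FIN"}
    db.executemany("INSERT INTO signature VALUES (?, ?)", names.items())
    # (source address, signature id, minutes before NOW); every value is made up
    alerts = [("192.0.2.10", 2, 5), ("192.0.2.10", 2, 20), ("192.0.2.10", 1, 300),
              ("198.51.100.7", 1, 45), ("198.51.100.7", 3, 90), ("203.0.113.9", 2, 600)]
    for cid, (src, sig, age) in enumerate(alerts, start=1):
        ts = (NOW - timedelta(minutes=age)).strftime(FMT)
        db.execute("INSERT INTO event VALUES (1, ?, ?, ?)", (cid, sig, ts))
        db.execute("INSERT INTO iphdr VALUES (1, ?, ?)", (cid, int(IPv4Address(src))))
    return db

def top_sources(db, limit=10):
    """Alert count per source address; ip_src is stored as a 32-bit integer."""
    rows = db.execute("""SELECT ip_src, COUNT(*) AS n FROM iphdr
                         GROUP BY ip_src ORDER BY n DESC, ip_src LIMIT ?""", (limit,))
    return [(str(IPv4Address(ip)), n) for ip, n in rows]

def top_attacks(db, limit=10, since=None):
    """Alert count per signature name, optionally only events at or after `since`."""
    cutoff = since.strftime(FMT) if since else ""  # "" sorts before every timestamp
    rows = db.execute("""SELECT s.sig_name, COUNT(*) AS n
                         FROM event e JOIN signature s ON s.sig_id = e.signature
                         WHERE e.timestamp >= ?
                         GROUP BY s.sig_name ORDER BY n DESC, s.sig_name LIMIT ?""", (cutoff, limit))
    return rows.fetchall()

def build_report(db, now=NOW):
    sections = [("Top 10 source IPs in the DB", top_sources(db)),
                ("Top 10 attacks in the DB", top_attacks(db)),
                ("Top 10 attacks in the last hour", top_attacks(db, since=now - timedelta(hours=1)))]
    return "\n".join(line for title, rows in sections
                     for line in [title] + [f"  {n:6d}  {name}" for name, n in rows])

if __name__ == "__main__":
    print(build_report(build_sample_db()))
```

Run from cron, the printed report can be mailed by cron itself (MAILTO) or piped to a mailer; against a live database, pass the real current time as `now`.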



