Snort mailing list archives
Re: Snort DB stats
From: Guillaume <guillaume () anteria fr>
Date: Thu, 22 Nov 2001 10:54:00 +0100 (CET)
In reply to Jason Lewis <jlewis () packetnexus com>:
I am looking to create a script that runs from cron that summarizes info from the DB and then emails the report. I thought I would see if anyone is doing anything like this already. I know ACID does some of this, but I need it to be automated. I can get email anywhere.

For ex.
Top 10 IPs in the DB
Top 10 Attacks in the DB
Top 10 Attacks in the last hour

That kind of stuff. I would really like some kind of intelligent pattern matching, but I need to start somewhere to decide what exactly I want. I only have a vague idea and I think doing this report would help me figure out what would be useful and what is noise.

Ideas, input, comments, am I crazy?
Could be written in PERL using the DBI module. Not so hard I think...

Regards,
Guillaume.
Current thread:
- Snort DB stats Jason Lewis (Nov 22)
- Re: Snort DB stats Guillaume (Nov 22)
- Re: Snort DB stats Edwin Eefting (Nov 22)
- Re: Snort DB stats Roberto Suarez Soto (Nov 22)