Re: Session statistics

["Andrew R. Baker" <andrewb () snort org>]

Erek Adams wrote:
> On Thu, 21 Aug 2003, John Creegan wrote:
>
> [...snip...]
>
>
> > I've searched the mail list archives and the snort website looking for
> > the tool I need, and have not yet found it.  Before I go off and create
> > this tool, I'd like to know if there already is a tool which can take
> > advantage of the session.log data to tell me:
> >     1. Who the top talkers are
> >     2. Where the hotspots on the network are.
> >
> > If not, I'm thinking about creating a table in the snort database and
> > then writing a bit of Perl to populate the table with the session stats.
> > I might then either write some php pages to add into ACID or write
> > stored procedures or even more Perl to do a bit of analysis.
> > Ultimately, I'd rather add the capability to ACID.
> >
> > Anyone know of a way I can do this with existing tools?
>
>
> Ntop [0]
> MRTG [1]
> RRDTool [2]
> Sniffer Pro [3]

While it does not use Snort's session.log, one program that may produce 
the data you want is:

ipaudit [4]

-A

> [0]     http://www.ntop.org/
> [1]     http://people.ee.ethz.ch/~oetiker/webtools/mrtg/
> [2]     http://www.rrdtool.com/
> [3]     http://www.sniffer.com/
[4]    http://ipaudit.sourceforge.net/





-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users