Snort mailing list archives
Snort Statistics
From: Real Cucumber <monkcucumber () yahoo com>
Date: Thu, 8 Jul 2004 12:33:52 -0700 (PDT)
Is there any way to create statistics on snort data (in packet logger mode text file directory of IPs) - instead of going by the alert file? One of my snort boxes never generates any alerts because its sole purpose is to forward packets, and it's not running any services locally other than SSH and even that is restricted to one NIC and protected by IPtables. Basically, I want to create a good summary of all the traffic that has gone through this server (or attempted to reach the server). I create tcpdump logs and snort logs, but there is no program I can find anywhere that will do good statistics on either of them. I've used ethereal on the tcpdump files and it doesn't really generate a solid final report with graphs or map out the most popular IPs, or show which IPs attempted port scans, etc. Snortalog and Snortsnarf don't work unless you have alert files. HELP!!!?!?!