Re: Extracting reports per IP address

[Kevin Johnson <kjohnson () secureideas net>]

On Nov 14, 2006, at 5:31 PM, Landon Stewart | Superb Internet Corp.  
wrote:
> We provide shared hosting, colocation services and server rental.   
> We need to enforce our AUP more proactively and detect malicious  
> outgoing traffic before we get complaints about it.
>
> We are mirroring outgoing traffic for 3 quite large VLANS to a  
> machine with a GigE interface.  The machine is running snort.  I  
> have not even come close to figuring out which rules we want to  
> load yet.
>
> What I want to do to be able to generate a report on a regular  
> basis looking for all of our IP addresses that were the source of a  
> triggered event and report those events to the customer responsible  
> for that server.
>
> While BASE provides a good way of viewing whats in the snort  
> database it does not do what I need.  I'm having a lot of trouble  
> finding information on reporting because the snort database, while  
> optimized for speed, appears to be quite complex.

Hi-

The BASE project team can try to help you.  Either contact me off  
list or we can move this to the BASE lists.

Kevin

Kevin Johnson GCIA, GCIH, CISSP, CEH
Principal Consultant
Secure Ideas

Attachment: PGP.sig
Description: This is a digitally signed message part

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users