Snort mailing list archives

Re: Snort DB stats


From: Guillaume <guillaume () anteria fr>
Date: Thu, 22 Nov 2001 10:54:00 +0100 (CET)

In reply to Jason Lewis <jlewis () packetnexus com>:

I am looking to create a script that runs from cron that summarizes
info from the DB and then emails the report.  I thought I would see if anyone
is doing anything like this already.  I know ACID does some of this, but I
need it to be automated.  I can get email anywhere.

For ex.

Top 10 IP's in the DB
Top 10 Attacks in the DB
Top 10 Attacks in the last hour

That kind of stuff.  I would really like some kind of intelligent
pattern matching, but I need to start somewhere to decide what exactly I
want.  I only have a vague idea and I think doing this report would help me
figure out what would be useful and what is noise.

Ideas, input, comments, am I crazy?


Could be written in PERL using the DBI module. Not so hard I think...

Regards,

Guillaume.
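
An added example, not part of the original thread: the three summaries asked for above, built as one mail message that a cron job could send. It uses Python with sqlite3 in place of the Perl/DBI approach suggested in the reply so that it runs stand-alone. The table layout (event, signature, iphdr), the sample alerts and the mail addresses are assumptions constructed for illustration.

```python
import ipaddress
import sqlite3
from datetime import datetime, timedelta
from email.message import EmailMessage

# Assumed, simplified subset of a Snort database schema (not given in the thread).
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT);
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER);
"""

def sample_db():
    """In-memory database filled with constructed alerts (documentation IPs)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO signature VALUES (?, ?)",
                   [(1, "SAMPLE port scan"), (2, "SAMPLE web probe")])
    alerts = [(1, "2001-11-22 10:40:00", "192.0.2.10"), (1, "2001-11-22 10:45:00", "192.0.2.10"),
              (2, "2001-11-22 10:50:00", "198.51.100.7"), (2, "2001-11-22 08:00:00", "192.0.2.10"),
              (2, "2001-11-22 07:00:00", "198.51.100.7"), (2, "2001-11-21 23:00:00", "192.0.2.10")]
    for cid, (sig, ts, src) in enumerate(alerts, 1):
        db.execute("INSERT INTO event VALUES (1, ?, ?, ?)", (cid, sig, ts))
        db.execute("INSERT INTO iphdr VALUES (1, ?, ?, 0)", (cid, int(ipaddress.ip_address(src))))
    return db

def top_sources(db, limit=10):
    """Source addresses ranked by alert count; ip_src is stored as an integer."""
    rows = db.execute("SELECT ip_src, COUNT(*) AS n FROM iphdr GROUP BY ip_src "
                      "ORDER BY n DESC, ip_src LIMIT ?", (limit,))
    return [(str(ipaddress.ip_address(ip)), n) for ip, n in rows]

def top_attacks(db, since=None, limit=10):
    """Alert counts per signature; `since` (a datetime) restricts the window."""
    floor = since.strftime("%Y-%m-%d %H:%M:%S") if since else ""  # "" matches every row
    rows = db.execute("SELECT s.sig_name, COUNT(*) AS n FROM event e "
                      "JOIN signature s ON s.sig_id = e.signature WHERE e.timestamp >= ? "
                      "GROUP BY s.sig_name ORDER BY n DESC, s.sig_name LIMIT ?", (floor, limit))
    return rows.fetchall()

def build_report(db, now, sender, rcpt):
    """Assemble the three summaries into a mail message for a cron job to send."""
    sections = [("Top 10 IPs in the DB", top_sources(db)),
                ("Top 10 attacks in the DB", top_attacks(db)),
                ("Top 10 attacks in the last hour", top_attacks(db, now - timedelta(hours=1)))]
    body = "\n\n".join(title + "\n" + "\n".join(f"{n:6d}  {name}" for name, n in rows)
                       for title, rows in sections)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, rcpt, f"Snort summary {now:%Y-%m-%d %H:%M}"
    msg.set_content(body)
    return msg
```

Against a real sensor database the same functions would take a connection from that database's driver, and the returned message would be handed to smtplib or the local mailer by the cron job.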
