Snort mailing list archives

A Report - Back-Up of Snort Database....!!


From: kamesh_rajaram () sify com
Date: Mon, 25 Feb 2002 14:28:43 +0600 (IST)

Hi Snort & DEMARC Users...!!
       This is with reference to obtaining an abstract (back-up) of the information available in the Snort NIDS database. Where there is heavy packet logging, a big database will reduce performance when we are going to query it for very old information. My idea is to have the entire information of the packets only for a week or 10 days in the database. Packets older than that will be deleted. And, I am planning to develop a report generation tool that can retrieve:

The unique events and their totals.
Number of attempts in each event type.
Total number of intrusions from every IP (say for every 6 hrs)
Total intrusions of a particular signature from every IP
And things like that....!!

All these details will be required to be stored periodically, viz., on a per-hour basis, or every six hours, or every day, week or month. This will help in analysing the pattern of alerts, attacks...and who is repeatedly trying it..etc. The DEMARC console gives some of these details like the Top 6 IPs, Unique Events, etc. But, in my case, there is a need to send a report of it with different details periodically. That is the reason for the need for a report generation tool. For the older info, I am planning to create a new database, query from the Snort database, and add the bare minimal information that is absolutely necessary to the new one...!! Is there such a scheme already in use..?? I seek your guidance & lead in this regard.....

Bye,
Kamesh.
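One way to put the scheme described in this post together, as an added example that is not from the post or from the Snort or DEMARC projects: a Python script that computes the requested totals (unique events, attempts per signature, intrusions per source IP per six-hour window, and per signature per IP) from an alert table, writes them into a second, small summary database, and only then deletes full alert rows older than the retention window. The `event` table layout, the `sig_ip_totals` table and the sample rows are assumptions constructed for the example, not the real Snort database schema.

```python
import sqlite3
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
# Constructed sample alerts in a simplified, assumed layout (sensor id, event id,
# signature name, source IP, timestamp). This is not the real Snort schema.
SAMPLE_EVENTS = [
    (1, 1, "PING sweep", "10.0.0.5", "2002-02-25 01:10:00"),
    (1, 2, "PING sweep", "10.0.0.5", "2002-02-25 02:15:00"),
    (1, 3, "CGI probe",  "10.0.0.7", "2002-02-25 07:00:00"),
    (1, 4, "PING sweep", "10.0.0.7", "2002-02-25 13:30:00"),
    (1, 5, "CGI probe",  "10.0.0.5", "2002-02-10 09:00:00"),  # older than the retention window
]

def open_snort_db(rows=SAMPLE_EVENTS):
    """In-memory stand-in for the (large) Snort alert database, loaded with sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE event (sid INT, cid INT, signature TEXT, ip_src TEXT, timestamp TEXT)")
    db.executemany("INSERT INTO event VALUES (?, ?, ?, ?, ?)", rows)
    return db

def open_summary_db(path=":memory:"):
    """The small second database that keeps only periodic totals after the packets are gone."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS sig_ip_totals (generated TEXT, signature TEXT, ip_src TEXT, total INT)")
    return db

def bucket6h(ts):
    """Start of the six-hour window containing timestamp ts (used for the per-IP counts)."""
    t = datetime.strptime(ts, FMT)
    return t.replace(hour=t.hour - t.hour % 6, minute=0, second=0).strftime(FMT)

def summarise(db):
    """Unique events, attempts per signature, intrusions per IP per 6 h, and per signature per IP."""
    db.create_function("bucket6h", 1, bucket6h)
    per_sig = dict(db.execute("SELECT signature, COUNT(*) FROM event GROUP BY signature"))
    per_ip_6h = {(ip, b): n for ip, b, n in db.execute(
        "SELECT ip_src, bucket6h(timestamp), COUNT(*) FROM event GROUP BY ip_src, bucket6h(timestamp)")}
    per_sig_ip = {(s, ip): n for s, ip, n in db.execute(
        "SELECT signature, ip_src, COUNT(*) FROM event GROUP BY signature, ip_src")}
    return {"unique_events": len(per_sig), "per_signature": per_sig,
            "per_ip_6h": per_ip_6h, "per_signature_ip": per_sig_ip}

def archive_and_prune(db, summary_db, now, retention_days=7):
    """Store this period's totals first, then delete alert rows older than retention_days; returns rows deleted."""
    totals = summarise(db)["per_signature_ip"]
    summary_db.executemany("INSERT INTO sig_ip_totals VALUES (?, ?, ?, ?)",
                           [(now, sig, ip, n) for (sig, ip), n in totals.items()])
    cutoff = (datetime.strptime(now, FMT) - timedelta(days=retention_days)).strftime(FMT)
    deleted = db.execute("DELETE FROM event WHERE timestamp < ?", (cutoff,)).rowcount
    db.commit(); summary_db.commit()
    return deleted
```

Run `archive_and_prune` from cron at the reporting interval; because the totals are written before the delete, the summary database still answers the long-term questions after the full packet rows are gone.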