Snort mailing list archives

Re: Snort Reporting Tools


From: Jason Boykin <getmesecure () yahoo com>
Date: Thu, 15 May 2003 14:48:33 -0700 (PDT)

On Thu, 2003-05-15 at 10:42, Vendl, Mark E. wrote:
All:
 
I use Puresecure for my management console and have 3 snort agents running on my network.  Does anyone use, or know of, a good reporting tool for snort?  By reporting, I mean something that I can give to upper management to show them status of our ids.  My director has asked for something like this for a weekly or monthly report *sigh*.  Any suggestions would be excellent.
 
Thanks,
Mark E. Vendl 
Network Engineer 
mvendl () sidley com

Have a look at ACID?
ACID can generate graphs with snort data from a database and can query on and between dates inputted by the user.
I recently got it working and it's a big hit with management.  They seem to like charts and graphs more than functionality.  I'm not saying ACID doesn't have good functionality either, it's a real nice tool.
http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html

If you're not talking about numbers of alerts and traffic and such, maybe Nagios?  I haven't looked at Nagios much.
http://www.nagios.org/

We were using a Razorback for a while.  All it does is
read the alert log file though.
http://www.intersectalliance.com/projects/RazorBack/index.html


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

