Snort mailing list archives

Collecting Snort statistics automatically


From: Paul Gillingwater <paul () lanifex com>
Date: Fri, 27 Jun 2003 10:10:41 +0200

Just for fun, I thought it would be useful to collect some Snort statistics on 
a daily basis, and store them into Web pages.  Of course, this script can 
easily be modified to send them as email to yourself too.  It should run as 
root from cron, I suggest at 8 a.m. each morning.   Enjoy!

#!/bin/sh
# This script will extract Snort statistics 
# This script must run as root, usually daily at 8 a.m.
DATE=`/bin/date +"%Y-%m-%d"`
REPORTDIR=/home/httpd/data/reporting/snort
/usr/bin/tail -f /var/log/messages >/tmp/tmp$$ &
/bin/kill -s SIGUSR1 `cat /var/run/snort_eth0.pid`
# allow 4 seconds for the Snort to dump its stats to the logfile
/bin/sleep 4
# now stop the tail (and all other tails)
/usr/bin/killall tail 2>/dev/null
# Get the lines we need, and tidy it up
/bin/grep "snort-mysql" /tmp/tmp$$ >/tmp/delete$$
/bin/echo "<html><body><pre>Snort Statistics for $DATE" >$REPORTDIR/snortstats$DATE.htm
/bin/sed -e "s/.*snort-mysql: //" </tmp/delete$$ >>$REPORTDIR/snortstats$DATE.htm
/bin/echo "</pre></body></html>" >>$REPORTDIR/snortstats$DATE.htm
# clean up our temp files
/bin/rm -f /tmp/tmp$$ /tmp/delete$$

-- 
*********************************
 Paul Gillingwater, BA, BSc, MBA
        Managing Director
 CSO Lanifex Unternehmensberatung
 & Softwareentwicklung G.m.b.H.
      NEW BUSINESS CONCEPTS

E-mail:  paul () lanifex com
Tel:     +43(1)2198222-20
Fax:     +43(1)2198222-11
Mobile:  +43(699)1922 3085
Webhome: http://www.lanifex.com/
Address: Praterstrasse 60/1/2
         A-1020 Vienna, Austria
*********************************
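
Added example, not part of the original post: a variant of the script above that captures into a private mktemp file instead of a predictable /tmp name (the job runs as root), stops only its own tail, and HTML-escapes the log text before it is published as a web page. The tag, log path and pid file are taken from the post; the function names, the --collect switch and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the original poster's script.
# Assumed from the post: tag "snort-mysql", /var/log/messages, snort_eth0.pid.

# Escape &, < and > so log text cannot inject markup into the report page.
html_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# render_report TAG DAY < syslog-lines
# Keep lines from TAG, strip the syslog prefix, emit the escaped <pre> page.
render_report() {
    tag=$1; day=$2
    printf '<html><body><pre>Snort Statistics for %s\n' "$day"
    grep -F -- "$tag: " | sed -e "s/.*$tag: //" | html_escape
    printf '</pre></body></html>\n'
}

# collect_stats PIDFILE LOGFILE TAG REPORTDIR
collect_stats() {
    pidfile=$1; logfile=$2; tag=$3; reportdir=$4
    day=$(date +%Y-%m-%d)
    tmp=$(mktemp) || return 1           # private, unpredictable temp file
    trap 'rm -f "$tmp"' EXIT
    tail -n 0 -f "$logfile" >"$tmp" &   # only lines written from now on
    tailpid=$!
    # Ask Snort to dump its statistics; give up cleanly if that fails.
    kill -s USR1 "$(cat "$pidfile")" || { kill "$tailpid"; return 1; }
    sleep 4
    kill "$tailpid"                     # stop this tail only
    wait "$tailpid" 2>/dev/null || true
    render_report "$tag" "$day" <"$tmp" >"$reportdir/snortstats$day.htm"
    rm -f "$tmp"; trap - EXIT
}

# Constructed sample syslog lines (not real Snort output).
sample_log() {
    cat <<'EOF'
Jun 27 08:00:01 ids snort-mysql: Snort analyzed 1200 out of 1200 packets
Jun 27 08:00:01 ids sshd[411]: session opened for user root
Jun 27 08:00:01 ids snort-mysql: note <b>5</b> alerts & 2 logs
EOF
}

# Real run (as root, from cron): pass --collect and the report directory.
if [ "${1:-}" = "--collect" ]; then
    collect_stats /var/run/snort_eth0.pid /var/log/messages snort-mysql "$2"
else
    sample_log | render_report snort-mysql 2003-06-27
fi
```

Run without arguments it renders the constructed sample to stdout, so the escaping can be checked before the job is put into cron.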





