Snort mailing list archives

Re: [Looking for] Open source reporting tool


From: Michael Boman <michael.boman () securecirt com>
Date: Mon, 02 Feb 2004 13:42:39 +0800

On Mon, 2004-02-02 at 12:24, Aaron wrote:
> For those playing the drinking game, please take a swig ahead of time
> for me.
>
> For myself and anyone technical ACID is more than enough to generate
> the data that is needed.
>
> For upper management and end users (customers) however, a much
> prettier and more generic tool is needed.  I have not found anything
> open source that makes dumbified pretty reports with statistical
> graphs, pie charts and etc...
>
> Yes, I know ACID sort of does this with JPGraph.  Well, not really.
>
> I also found a few things that generate html reports from the alert
> log.  I don't keep the alert log.  All the data is in the snort
> database.
>
> My company will not use snort unless they can see pretty graphs with
> breakouts of all the attacks.  We used to use Crystal Reports against
> ISS RealSecure, however both products are no longer supported
> internally in order to cut costs.  I am not complaining, as they are
> finally adopting and using open source software.  You have no idea
> what a strange warm and fuzzy feeling that is.  Maybe it was the rum.
>
> If you know of a tool that can generate from the database useful
> information in the form of detailed graphs (with links to the
> technical data), pie charts and everything that management and end
> users would like to see, then please let me know.

Snort Report maybe? http://www.circuitsmaximus.com/

> Something that would be even better, would be a tool that could do all
> previously mentioned things and can be configured to only give data
> for a specific subnet or subnets, depending on who is browsing it.
> (Different configs in diff dirs, or username==, etc...)

Snort Report with some patching? I am sure the author/maintainer of the
software is willing to help as well, but probably for a small fee.

> P.S. - This tool would have to sift through data collected on circuits
> pushing 500MB each... several of them... and they are external...  No
> I am not smoking anything.

Are you sure about that? Anyway, haven't run Snort Report on anything of
that size, but I guess you will find out how well it handles it (or
not).

PS
 I have no association with the Snort Report guys whatsoever, not even
using their software. I tried it once, and maybe it will match (some) of
your requirements.
DS

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT Pte Ltd
http://www.securecirt.com
