Snort mailing list archives

Snort functionality I can't find?


From: Derick Wong <dwong7676 () yahoo com>
Date: Tue, 18 May 2004 04:59:36 -0700 (PDT)

Greetings - 
I am looking for something in Snort that seems basically simple - so I think there should be a way to get this
information - but I can't figure out how. Nor can I find a snort pre/post processor to do it. Any thoughts?
 
I would like to have snort run and tell me, in addition to the typical alert data, the amount of traffic that was OK.
Ideally I'd be able to graph this to indicate the amount of total bandwidth consumed by attacks compared to the total
throughput of the network monitored. I.e., I'd run snort and be able to document "14% of data traversing the network is
potentially malicious and essentially wasted".
 
I can probably calculate the same by examining interface stats on a regular basis while snort is running, and comparing
that data to the information from the snort alerts, but it seems silly to calculate the volume when Snort is already
looking at the data I want.
 
- Derick 

                
