RE: Snort and Mysql for statistics purposes

[Bénoni MARTIN <Benoni.MARTIN () libertis ga>]

-----Message d'origine-----
De : Bénoni MARTIN 
Envoyé : mercredi 9 mars 2005 14:37
À : David Jiménez Domínguez; snort-users () lists sourceforge net; honeypots () securityfocus com; focus-ids () 
securityfocus com
Objet : RE: Snort and Mysql for statistics purposes

I can recommend you the famous Ntop for "Top ports, Top src_ip", and SnortSnarf for "Top attacks".

But you can create your own tool with Perl ... Good luck ;)


-----Message d'origine-----
De : David Jiménez Domínguez [mailto:djdsecurity () gmail com] Envoyé : mercredi 9 mars 2005 01:05 À : snort-users () 
lists sourceforge net; honeypots () securityfocus com; focus-ids () securityfocus com Objet : Snort and Mysql for 
statistics purposes

Hi folks!

I need to graph all the traffic in my network (Top ports, Top src_ip, Top attacks) each 5 minutes...In the DataServer I 
have intalled Mysql and in the firewall I have installed snort-2.3.0 and I created just 4 rules to get all the 
tcp,udp,icmp and ip traffic in order to graph it with perl and rrdtool and post it in a web page....

Do you think it is the best way to do that???
Have your ever done something like that?? What tools do you recommend me??
 
Regards 

DJ
--------------------------------------------------





-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users