Re: Snort + HTSQL dashboard application

[Dan Ferris <dferris () prometheusresearch com>]

Here's another HTSQL example.

This will make a quick (and probably mostly unuseful in this form) 
blacklist of all source IPs that have created high severity events. In 
this case the firewall would be ipfw on FreeBSD, but you could of course 
easily do the same thing with iptables.

$server='http://snort.htsql.org';
$htsql='/distinct(event{inet(iphdr.ip_src)}?signature.sig_priority=1)/:csv';

use LWP::Simple;

$result = get $server . $htsql;
@result = split(/\r\n/, $result);

shift(@result); #get rid of the column names

foreach $ip (@result)
{
     print "Blocking $ip\n";
     system("ipfw add deny all from $ip to any");
}

On 5/5/2011 4:01 PM, Martin Holste wrote:
> Any kind of tech like that is interesting to me.  I think I'm missing
> why HTSQL is easier for the "accidental programmer."  Isn't it
> functionally equivalent to myapp/?sql=<some sql query>  with a fair
> amount of validation?
>
> On Thu, May 5, 2011 at 4:21 PM, Dan Ferris
> <dferris () prometheusresearch com>  wrote:
> > Thanks for checking. :)
> >
> > So, is it interesting/uninteresting?  I'm curious what others think.
> >
> > Dan
> >
> > On 5/5/2011 2:44 PM, waldo kitty wrote:
> > > On 5/5/2011 16:15, Martin Holste wrote:
> > > > Really?  Weird.  Worked fine on FF4.
> > > >
> > > > On Thu, May 5, 2011 at 9:14 AM, Lay, James<james.lay () wincofoods com>     wrote:
> > > > > http://htsql.org/gallery/snort/index.html
> > > > >
> > > > > Great HORNY TOADS did Firefox not like that page....no less than at
> > > > > least 6 "Error loading element" error popup windows.  Yeesh.
> > >
> > > worked just fine in my FF3.6.17, too...
> > >
> > > james must have some debugging thing loaded... maybe?
> > >
> > > ------------------------------------------------------------------------------
> > > WhatsUp Gold - Download Free Network Management Software
> > > The most intuitive, comprehensive, and cost-effective network
> > > management toolset available today.  Delivers lowest initial
> > > acquisition cost and overall TCO of any competing solution.
> > > http://p.sf.net/sfu/whatsupgold-sd
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > ------------------------------------------------------------------------------
> > WhatsUp Gold - Download Free Network Management Software
> > The most intuitive, comprehensive, and cost-effective network
> > management toolset available today.  Delivers lowest initial
> > acquisition cost and overall TCO of any competing solution.
> > http://p.sf.net/sfu/whatsupgold-sd
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users