speaking of snort

Jeffrey Utter utterjef@zelda.cl.msu.edu
Thu, 8 Nov 2001 09:55:48 -0500 (EST)


Does anyone know of a good reporting program for snort?  I have a machine
that runs snort but I can't seem to get output from it that does much good
to me.  Is there a reporting utility that will read snort's alert and
other log files and then generate a nicely formatted and somewhat detailed
report?  If not, are there any suggestions on how to run snort so the
output is a little more user friendly?

My current configuration file tells it to do this:

## Step 1
var HOME_NET *.*.*.*/*  <- where *'s are the appropriate numbers.
var HOME_NET any
var EXTERNAL_NET any
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS $HOME_NET
##  Step 2
preprocessor frag2
preprocessor stream4: detect_scans
preprocessor stream4_reassemble
preprocessor http_decode: 80 -unicode -cginull
preprocessor rpc_decode: 111
preprocessor bo: -nobrute
preprocessor telnet_decode
preprocessor portscan: $HOME_NET 4 3 portscan.log
## Step 3
# nothing is set here


I'm running snort v1.8.2 on FreeBSD 4.4.  I have tried snort-rep, and
snortsnarf is not an option as it requires perl, and as much as I love
perl I can't put it on this machine, because that would use up too much of
the drive space.  Any help is appreciated.

__________________________________________________________________________
Jeffrey Utter
http://nova.cl.msu.edu/