speaking of snort

Paul_Melson@keykertusa.com Paul_Melson@keykertusa.com
Thu, 8 Nov 2001 15:11:37 -0500


>Does anyone know of a good reporting program for snort?  I have a machine
>that runs snort but I can't seem to get output from it that does much good
>to me.  Is there a reporting utility that will read snort's alert and
>other log files and then generate a nicely formatted and somewhat detailed
>report?  If not, are there any suggestions on how to run snort so the
>output is a little more user friendly?

Personally, I prefer and use SnortSnarf.  There don't seem to be a lot of
tools out there for Snort reporting that don't use Perl.  There is Snort
Report (http://www.circuitsmaximus.com), but that requires a MySQL server
and Apache, so unless you're already running both of those on the machine,
that's probably not an option, either.  One thing you might consider is
configuring Snort to log to another machine via syslog and installing Perl on
that machine.  To do this, just add this line to your snort.conf:

output alert_syslog: LOG_AUTH LOG_ALERT

And then add this line to your syslog.conf:

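# ###.###.###.### = IP address of the syslog machine; the selector matches
# the LOG_AUTH facility and LOG_ALERT priority set in snort.conf above
auth.alert	@###.###.###.###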

PaulM
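
Added example, not part of the original message and not code from SnortSnarf or Snort Report: a small Python script that turns the Snort alerts collected on the syslog machine into a per-signature and per-source summary. The log line layout matched by ALERT_RE and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed alert_syslog line layout; sid and Classification fields are optional.
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: (?:\[(?P<sid>\d+:\d+:\d+)\] )?(?P<msg>.+?) "
    r"(?:\[Classification: (?P<cls>[^\]]+)\] )?\[Priority: (?P<prio>\d+)\]:? "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)

# Constructed sample input (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Nov  8 15:02:11 sensor snort: [1:1002:2] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 203.0.113.7:3312 -> 192.0.2.10:80
Nov  8 15:02:14 sensor snort: [1:1002:2] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 203.0.113.7:3313 -> 192.0.2.10:80
Nov  8 15:04:40 sensor snort: [1:469:1] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 198.51.100.23 -> 192.0.2.10
Nov  8 15:05:02 sensor sshd[411]: Accepted password for paul from 192.0.2.50 port 1022
Nov  8 15:09:55 sensor snort: [1:1002:2] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 198.51.100.23:4410 -> 192.0.2.11:80
"""

def parse_alerts(lines):
    """Return one dict per Snort alert; non-Snort syslog lines are skipped."""
    alerts = []
    for line in lines:
        m = ALERT_RE.search(line)
        if m:
            alert = m.groupdict()
            alert["prio"] = int(alert["prio"])
            alerts.append(alert)
    return alerts

def summarize(alerts):
    """Count alerts per (priority, signature) and per source address."""
    by_sig = Counter((a["prio"], a["msg"]) for a in alerts)
    by_src = Counter(a["src"] for a in alerts)
    return by_sig, by_src

def format_report(alerts):
    by_sig, by_src = summarize(alerts)
    out = ["%d alerts" % len(alerts), "", "Count  Prio  Signature"]
    # Most severe first (priority 1 is highest), then most frequent.
    for (prio, msg), n in sorted(by_sig.items(), key=lambda kv: (kv[0][0], -kv[1])):
        out.append("%5d  %4d  %s" % (n, prio, msg))
    out += ["", "Count  Source"]
    for src, n in by_src.most_common():
        out.append("%5d  %s" % (n, src))
    return "\n".join(out)

if __name__ == "__main__":
    print(format_report(parse_alerts(SAMPLE_LOG.splitlines())))
```
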