Snort mailing list archives

Re: Session statistics


From: Erek Adams <erek () snort org>
Date: Thu, 21 Aug 2003 20:34:19 -0400 (EDT)

On Thu, 21 Aug 2003, John Creegan wrote:

[...snip...]

> I've searched the mail list archives and the snort website looking for
> the tool I need, and have not yet found it.  Before I go off and create
> this tool, I'd like to know if there already is a tool which can take
> advantage of the session.log data to tell me:
>      1. Who the top talkers are
>      2. Where the hotspots on the network are.
>
> If not, I'm thinking about creating a table in the snort database and
> then writing a bit of Perl to populate the table with the session stats.
> I might then either write some php pages to add into ACID or write
> stored procedures or even more Perl to do a bit of analysis.
> Ultimately, I'd rather add the capability to ACID.
>
> Anyone know of a way I can do this with existing tools?

Ntop [0]
MRTG [1]
RRDTool [2]
Sniffer Pro [3]

Sniffer Pro is exactly what you want, it's just not cheap.  MRTG and
RRDTool would have to be massaged a bit to make them work like you want.
Ntop might be the closest thing...

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://www.ntop.org/
[1]     http://people.ee.ethz.ch/~oetiker/webtools/mrtg/
[2]     http://www.rrdtool.com/
[3]     http://www.sniffer.com/

