Snort mailing list archives

Snort Statistics


From: Real Cucumber <monkcucumber () yahoo com>
Date: Thu, 8 Jul 2004 12:33:52 -0700 (PDT)

Is there any way to create statistics on snort data (in
packet logger mode text file directory of IPs) -
instead of going by the alert file?

One of my snort boxes never generates any alerts
because its sole purpose is to forward packets, and
it's not running any services locally other than SSH
and even that is restricted to one NIC and protected
by IPtables.

Basically, I want to create a good summary of all the
traffic that has gone through this server (or
attempted to reach the server).


I create tcpdump logs and snort logs, but there is no
program I can find anywhere that will do good
statistics on either of them.

I've used ethereal on the tcpdump files and it doesn't
really generate a solid final report with graphs or
map out the most popular IPs, or show which IPs
attempted port scans etc.

Snortalog and Snortsnarf don't work unless you have
alert files.

HELP!!>!?!?!


                