Snort mailing list archives

automatically generate and email a daily report?


From: MLP SCADA <MLPSCADA () ci anchorage ak us>
Date: Mon, 12 Dec 2011 11:38:09 -0900


Hey folks.

I've got snort/barnyard2 populating a mysql database.  I've got base running as a front end.  

What I'd like to do is automatically email a once-a-day summary of the last 24 hours' unique alerts to the on-calls, 
similar to the unique daily summary that base provides.

Base will do the email but it's a manual process, unless I'm missing something.

Google shows some stuff that you can cron (usually in perl), but the discussions are all pretty old, and the majority 
of them want to process syslog files instead of mysql.

This looked interesting:

http://www.the-tech-tutorial.com/?p=929

Until I saw it was Debian only; there was no analogue in my SciLinux installed-from-source snort setup.

Snorby looked interesting until I saw it required a whole RoR ecosystem; life is complicated enough as it is.

Splunk won't tell you how much it'll cost (even ballpark) without having to call some salesman, so that's out.

What other options do folks use for a daily summary email to the relevant folks?

Thanks!


