Snort Grok - Snort Intrusion Detection Reports
Snort Grok provides simple PHP/MySQL drill down reports for the Snort IDS. (Grok means to thoroughly understand, and IDS stands for Intrusion Detection System.)
Snort Grok IDS Report Features
- clear reports of network intrusions.
- filter by date, IP, port, signature, etc.
- easy to install. Just set the MySQL password.
- configurable for best performance.
- self-contained - no graphing libs needed.
- can easily delete false positives.
- provides ARIN whois lookups.
- provides ASCII and Hex views of payload.
- helps you configure Snort to block or limit noisy rules.
1.1 Release Notes 2006-05-16
- Fixed a bug that caused PHP to give a v4.2 global vars warning.
- Changed the defaults to improve performance on larger databases.
- Added Alerts by Dest. IP Report.
- Always show sensors now.
- Show portscans.
- User can toggle DNS lookups.
- Now handles multiple sensors correctly.
- Includes indexing for better performance.
- Fixed bugs on deleting.
Download Snort Grok.php v1.1
13k. Requires PHP and Snort configured to log to MySQL. MD5 (snort_grok.tar.gz) = 3bb0f89882c338dcdb0ac64522ab84fc
Extract it using gunzip and place it inside your web server's document root. Set your MySQL database username and password and tweak the settings for the best performance.
gunzip snort_grok.tar.gz
tar -xvf snort_grok.tar
Snort Grok Report Screenshots
Please send comments, feature requests, and bug reports to erik -at- timestretch.com.
-Erik Wrenholt
PS: Remember to back up your database before trying the delete command.
mysqldump -u snort -p snort > snort.sql
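The following shell script is an added example, not part of the Snort Grok distribution, that ties the install and backup steps above together: it checks the downloaded tarball against the MD5 published above before unpacking it, extracts it into the web server's document root, and dumps the snort database before the delete feature is used. The web root path, the database name and the MySQL user are assumptions; the MD5 value is the one given on this page.

```shell
#!/bin/sh
# Added example (not from the Snort Grok project): verify, install, back up.
# Assumed values: web root /var/www/html, MySQL user "snort", database "snort".

# Print the MD5 digest of a file, using md5sum or falling back to openssl.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        openssl dgst -md5 "$1" | sed 's/.*= //'
    fi
}

# Return 0 when the file's MD5 matches the expected digest, 1 otherwise.
verify_md5() {
    actual=$(file_md5 "$1")
    [ "$actual" = "$2" ]
}

# Verify the tarball, then unpack it into the destination directory.
# Refuses to extract anything whose digest does not match.
install_snort_grok() {
    tarball=$1
    dest=$2
    expected=$3
    if ! verify_md5 "$tarball" "$expected"; then
        echo "checksum mismatch for $tarball, not installing" >&2
        return 1
    fi
    mkdir -p "$dest"
    gunzip -c "$tarball" | tar -xf - -C "$dest"
}

# Dump the snort database to a file before using the delete feature.
# Arguments: MySQL user, database name, output file (mysqldump prompts for the password).
backup_snort_db() {
    mysqldump -u "$1" -p "$2" > "$3"
}

# Usage (assumed paths; the digest is the one published for v1.1):
# install_snort_grok snort_grok.tar.gz /var/www/html 3bb0f89882c338dcdb0ac64522ab84fc
# backup_snort_db snort snort snort.sql
```

The digest check only tells you the file you have is the one the page describes; it will not detect a download that was altered together with its published checksum. Keep the backup file outside the web root, since it contains the full alert database.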