Manual Reference Pages  -  SNORT-REP (1)

NAME

snort-rep - snort-reporting tool

SYNOPSIS

snort-rep [OPTIONS] [syslog-file]

DESCRIPTION

snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog file. If syslog-file is not specified, it reads standard input. The reports contain:
o Portscan summary
o Alert Summary by ID
o Alert summary by remote host and ID
o Alert summary by local host and ID
o Alert summary by local port and ID
It is designed to be used for daily e-mail reports to the system administrators (see snort-rep-mail for an example script that generates daily e-mails). All reports contain priority information (if used with Snort 1.8+) and the HTML output contains direct links to the IDS descriptions of whitehats.com.

OPTIONS

-h, --help Print usage.
-r, --resolve Resolve host names.
-s, --source=SOURCE[,SOURCE...] Read information from SOURCE (in addition to syslog-file). This option can be specified multiple times. If syslog-file is not specified and no --source option is used, standard input will be read in syslog format.

SOURCE is a comma separated list of sources which may be:
syslog:FILE Syslog file FILE
fast:FILE Snort fast-alert file FILE

-t, --text Print text report (default). If both --text and --html are specified, both will be printed, separated by a line like ’<<<<<’ (79 times ’<’).
--text-width=n Try to fit the text report to n columns. Default: 79.
-H, --html Print HTML report.
-l, --local=NET[,NET...] NET is a local network. This option can be specified more than once and can contain more than one network (comma-separated). NET must be specified as network/mask, for example 192.168.1.0/24.
-F, --local-file=FILE FILE contains list of local networks, as given in -l (one network per line). FILE can contain hash comments and empty lines.
-R, --remove-name=REGEX Remove REGEX from host names. This option is useful to make nicer host names for local hosts.
--priority-med=N Priorities greater than or equal to N will be considered medium priority (default: 7).
--priority-high=N Priorities greater than or equal to N will be considered high priority (default: 16). High-priority alerts will be pushed to the top of the reports.
-N, --narrow Try to make the reports better fit on the screen by trimming too long host-names and placing spaces in the alert descriptions so that they can be word-wrapped.
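
A pre-flight check for the file given to -F/--local-file, added here as an example (it is not part of snort-rep): it applies the format described above (one network/mask per line, hash comments and empty lines ignored) and reports lines that would not parse. The function names, the sample file contents and the choice to reject entries with host bits set are assumptions; snort-rep's own parsing and local/remote matching may differ.

```python
import ipaddress

# Constructed sample contents of a file passed to -F/--local-file.
SAMPLE_LOCAL_FILE = """\
# office LAN
192.168.1.0/24

10.0.0.0/8
192.168.2.7/24
172.16.0.0
not-a-network/24
"""


def parse_local_networks(text):
    """Return (networks, errors) for the contents of a local-networks file.

    Empty lines and lines starting with '#' are skipped; every other line
    must be network/mask. errors holds (line_number, text, reason) tuples.
    """
    networks, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "/" not in line:
            errors.append((lineno, line, "missing /mask"))
            continue
        try:
            # strict=True rejects host bits set in the network part
            # (assumed policy: such a line is more likely a typo than intent).
            networks.append(ipaddress.ip_network(line, strict=True))
        except ValueError as exc:
            errors.append((lineno, line, str(exc)))
    return networks, errors


def is_local(address, networks):
    """True if address falls inside any listed network (assumed matching rule)."""
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in networks)


def local_option(networks):
    """Build the equivalent comma-separated --local argument."""
    return "--local=" + ",".join(str(net) for net in networks)


if __name__ == "__main__":
    nets, errs = parse_local_networks(SAMPLE_LOCAL_FILE)
    print(local_option(nets))
    for lineno, line, reason in errs:
        print(f"line {lineno}: {line!r}: {reason}")
```
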

SEE ALSO

http://people.ee.ethz.ch/~dws/software/snort-rep/

COPYRIGHT

Copyright (c) 2001, 2002 by ETH Zurich. All rights reserved.

LICENSE

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

AUTHOR

David Schweikert <dws@ee.ethz.ch>


perl v5.20.3 SNORT-REP (1) 2016-03-18
