SNORT-REP(1) User Contributed Perl Documentation SNORT-REP(1)

snort-rep - snort-reporting tool

snort-rep [OPTIONS] [syslog-file]

snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog file. If syslog-file is not specified, it reads standard input. The reports contain:
  • Portscan summary
  • Alert Summary by ID
  • Alert summary by remote host and ID
  • Alert summary by local host and ID
  • Alert summary by local port and ID

It is designed to be used for daily e-mail reports to the system administrators (see snort-rep-mail for an example script that generates daily e-mails). All reports contain priority information (if used with Snort 1.8+) and the HTML output contains direct links to the IDS descriptions on whitehats.com.

-h, --help
Print usage.
-r, --resolve
Resolve host names.
-s, --source=SOURCE[,SOURCE...]
Read information from SOURCE (in addition to syslog-file). This option can be specified multiple times. If syslog-file is not specified and no --source option is used, standard input will be read in syslog format.

SOURCE is a comma-separated list of sources, each of which may be:

syslog:FILE
Syslog file FILE
fast:FILE
Snort "fast-alert" file FILE
-t, --text
Print text report (default). If both --text and --html are specified, both will be printed, separated by a line like '<<<<<' (79 times '<').
--text-width=n
Try to fit the text report to n columns. Default: 79.
-H, --html
Print HTML report.
-l, --local=NET[,NET...]
NET is a local network. This option can be specified more than once and can contain more than one network (comma-separated). NET must be specified as "network/mask", for example "192.168.1.0/24".
-F, --local-file=FILE
FILE contains a list of local networks, as given in -l (one network per line). FILE can contain hash comments and empty lines.
-R, --remove-name=REGEX
Remove REGEX from host names. This option is useful to make nicer host names for local hosts.
--priority-med=N
Priorities greater than or equal to N will be considered "medium priority" (default: 7).
--priority-high=N
Priorities greater than or equal to N will be considered "high priority" (default: 16). High-priority alerts will be placed at the top of the reports.
-N, --narrow
Try to make the reports fit better on the screen by trimming overly long host names and placing spaces in the alert descriptions so that they can be word-wrapped.
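
The following is an added example, not part of snort-rep or its documentation: a pre-flight check for a --local-file list that also shows how the documented --priority-med and --priority-high defaults partition alert priorities. The function names, the "low" label, the treatment of trailing hash comments, and the rejection of networks with host bits set are assumptions of this example.

```python
import ipaddress

# Defaults documented for --priority-med and --priority-high.
PRIORITY_MED = 7
PRIORITY_HIGH = 16

# Constructed sample of a --local-file list (not taken from the man page).
SAMPLE = """\
# office LAN
192.168.1.0/24

10.0.0.0/8   # VPN range
172.16.5.1/16
192.168.2.0
"""


def parse_local_networks(text):
    """Parse one "network/mask" per line; hash comments and empty lines
    are skipped. Returns (networks, errors) so bad lines can be reported."""
    networks, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Assumption: '#' starts a comment anywhere on the line.
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        if "/" not in entry:
            errors.append((lineno, entry, "missing /mask"))
            continue
        try:
            # strict=True is this example's choice: it flags entries such
            # as 172.16.5.1/16 where a host address was given by mistake.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            errors.append((lineno, entry, str(exc)))
    return networks, errors


def is_local(addr, networks):
    """True if addr falls inside any of the configured local networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def priority_tier(priority, med=PRIORITY_MED, high=PRIORITY_HIGH):
    """Map a numeric alert priority to a tier using >= thresholds."""
    if priority >= high:
        return "high"
    return "medium" if priority >= med else "low"
```

A mistyped mask in the local list changes which side of an alert is counted as the local host, so checking the file before a scheduled report run avoids silently skewed per-host summaries.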

http://people.ee.ethz.ch/~dws/software/snort-rep/

Copyright (c) 2001, 2002 by ETH Zurich. All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

David Schweikert <dws@ee.ethz.ch>
2022-04-09 perl v5.32.1
