Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages

Manual Reference Pages  -  SNORT-REP (1)

.ds Aq ’


snort-rep - snort-reporting tool



snort-rep [OPTIONS] [syslog-file]


snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog file. If syslog-file is not specified, it will use standard-input. The reports contain:
o Portscan summary
o Alert Summary by ID
o Alert summary by remote host and ID
o Alert summary by local host and ID
o Alert summary by local port and ID
It is designed to be used for daily e-mail reports to the system administrators (see snort-rep-mail for an example script that generates daily e-mails). All reports contain priority information (if used with Snort 1.8+) and the HTML output contains direct links to the IDS descriptions of


-h, --help Print usage.
-r, --resolve Resolve host names.
-s, --source=SOURCE[,SOURCE...] Read information from SOURCE (in addition to syslog-file). This option can be specified multiple times. If syslog-file is not specified and no --sources option is used, standard input will be read in syslog format.

SOURCE is a comma separated list of sources which may be:
syslog:FILE Syslog file FILE
fast:FILE Snort fast-alert file FILE

-t, --text Print text report (default). If both --text and --html are specified, both will be printed, separated by a line like ’<<<<<’ (79 times ’<’).
--text-width=n Try to fit the text report to n columns. Default: 79.
-H, --html Print HTML report.
-l, --local=NET[,NET...] NET is a local network. This options can be specified more than once and can contain more than one network (comma-separated). NET must be specified as network/mask, for example
-F, --local-file=FILE FILE contains list of local networks, as given in -l (one network per line). FILE can contain hash comments and empty lines.
-R, --remove-name=REGEX Remove REGEX from host names. This option is useful to make nicer host names for local hosts.
--priority-med=N Priorities greater or equal N will be considered medium priority (default: 7).
--priority-high=N Priorities greater or equal N will be considered high priority (default: 16). High-priority alerts will be pushed on the top of the reports.
-N, --narrow Try to make the reports better fit on the screen by trimming too long host-names and placing spaces in the alert descriptions so that they can be word-wrapped.



Copyright (c) 2001, 2002 by ETH Zurich. All rights reserved.


This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.


David Schweikert <>
Search for    or go to Top of page |  Section 1 |  Main Index

perl v5.20.3 SNORT-REP (1) 2016-03-18

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.