There is a tool available called SnortSnarf (http://www.silicondefense.com/software/snortsnarf/) that will read snort logs, and create web pages that put them into a readable manner. It's not very well documented, but if you follow the instructions on their website (or in the /user/share/doc directory), it's relatively simple to get going. Then, a simple cron job to update the web page.
I used to use it (and will again once I get my logging routines setup properly again) to put my IPCop snort logs into a more readable format. It was nice being able to click on an attack name, and get taken to Snort's web pages with a description of the attack, the impact, and how to protect against it. Shawn -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Peter E. Williams Sent: Saturday, March 06, 2004 12:22 AM To: CLUG General Subject: [clug-talk] Re: Big thanks to Szemir & his Defense AgainstIntruders Presentation <snip> I'm reading through the Snort man pages and google to get acquainted. So far, it looks like I have to run it through console and that it can run with the firewall. </snip> _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
