readme

入侵检测系统.linux下与MySql连用的例子

What you find here are scripts/files which are not part of snort, but
are essential/helpful to get some of its features working.

Below is a brief description of each file:

ACID - The Analysis Console for Intrusion Databases is a powerful
analysis and visualization application. ACID requires a PHP enabled 
web server and use of the snort database plugin.

Guardian - a script that automatically reconfigures ipchains firewalls 
based on Snort alerts

Net-SnortLog-0.1.tar.gz - a Perl module for manipulating snort log files.

SnortSnarf - Code to parse a file of snort alerts and produce
HTML output intended for diagnostic inspection and tracking down problems.  
The model is that one is using a cron job or similar to produce a 
daily/hourly/whatever file of snort alerts. This script can be run on each
such file to produce a convenient HTML breakout of all the alerts.

Spade - SPADE stands for the Statistical Packet Anomaly Detection Engine. It
is a Snort preprocessor plugin which sends alerts of anomalous packet through
standard Snort reporting mechanisms.

address_config.sh - enables Snort to change its address space quickly and 
painlessly.

create_mysql - contains the SQL to create tables for MySQL database logging

create_postgresql - contains the SQL to create tables for PostgreSQL database 
logging

mysql.php3 - display your MySQL database events from your PHP web servers

passiveOS.tar.gz - Craig Smith has finished writing the Passive OS detection
for snort (log_dir and alert file) 

pgsql.php3 - display PostgreSQL database events from your PHP web servers

snml.dtd - A copy of the DTD that the XML plugin conforms to.

snort-sort.pl - this script produces a sorted list of snort alerts from a snort
alert file

snort2html.pl - generates web pages from snort alerts

snort_stat.pl - perl script that provides a statistical analysis of syslog
alerts produced by Snort

snortdb-extra.gz - Contains database tables that supplement the base tables 
required for database support in snort in order to make data more human 
readable.

snortlog - perl script that provides syslog alert summaries and reverse
attacker name resolution

snortnet.tar.gz - SnortNet is a research project that targets development of
a Distributed Intrusion Detection System (DIDS) based on snort NIDS as a node
sensor.

snortwatch-0.7 - This is a little tool to help keep track of alerts generated
by the excellent IDS tool snort. I've mostly tested snortwatch against version
1.5.x of snort and although the output of 1.6 seems very similar if not to say
identical, there may still be some type of alert I haven't come across that
could throw off the parsing.