SNORT-REP(1) User Contributed Perl Documentation SNORT-REP(1)NAMEsnort-rep - snort-reporting tool
SYNOPSISsnort-rep [OPTIONS] [syslog-file]
DESCRIPTIONsnort-rep is a Snort reporting tool that can produce text or HTML
output from a syslog file. If syslog-file is not specified, it will use
standard-input. The reports contain:
· Portscan summary
· Alert Summary by ID
· Alert summary by remote host and ID
· Alert summary by local host and ID
· Alert summary by local port and ID
It is designed to be used for daily e-mail reports to the system
administrators (see snort-rep-mail for an example script that generates
daily e-mails). All reports contain priority information (if used with
Snort 1.8+) and the HTML output contains direct links to the IDS
descriptions of whitehats.com.
OPTIONS-h, --help
Print usage.
-r, --resolve
Resolve host names.
-s, --source=SOURCE[,SOURCE...]
Read information from SOURCE (in addition to syslog-file). This
option can be specified multiple times. If syslog-file is not
specified and no --sources option is used, standard input will be
read in syslog format.
SOURCE is a comma separated list of sources which may be:
syslog:FILE
Syslog file FILE
fast:FILE
Snort "fast-alert" file FILE
-t, --text
Print text report (default). If both --text and --html are
specified, both will be printed, separated by a line like '<<<<<'
(79 times '<').
--text-width=n
Try to fit the text report to n columns. Default: 79.
-H, --html
Print HTML report.
-l, --local=NET[,NET...]
NET is a local network. This options can be specified more than
once and can contain more than one network (comma-separated). NET
must be specified as "network/mask", for example "192.168.1.0/24".
-F, --local-file=FILE
FILE contains list of local networks, as given in -l (one network
per line). FILE can contain hash comments and empty lines.
-R, --remove-name=REGEX
Remove REGEX from host names. This option is useful to make nicer
host names for local hosts.
--priority-med=N
Priorities greater or equal N will be considered "medium priority"
(default: 7).
--priority-high=N
Priorities greater or equal N will be considered "high priority"
(default: 16). High-priority alerts will be pushed on the top of
the reports.
-N, --narrow
Try to make the reports better fit on the screen by trimming too
long host-names and placing spaces in the alert descriptions so
that they can be word-wrapped.
SEE ALSO
http://people.ee.ethz.ch/~dws/software/snort-rep/
COPYRIGHT
Copyright (c) 2001, 2002 by ETH Zurich. All rights reserved.
LICENSE
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
675 Mass Ave, Cambridge, MA 02139, USA.
AUTHOR
David Schweikert <dws@ee.ethz.ch>
perl v5.20.3 2015-10-07 SNORT-REP(1)
