old-www/HOWTO/archived/Snort-Statistics-HOWTO/index.html

<HTML
><HEAD
><TITLE
>Snort-Setup for Statistics HOWTO</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="NEXT"
TITLE="Introduction"
HREF="intro.html"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="AEN2">Snort-Setup for Statistics HOWTO</H1
><H3
CLASS="AUTHOR"
><A
NAME="AEN5"
>Sandro Poppi</A
></H3
><DIV
CLASS="AFFILIATION"
><DIV
CLASS="ADDRESS"
><P
CLASS="ADDRESS"
>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;spoppi at gmx.de<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</P
></DIV
></DIV
><P
CLASS="PUBDATE"
>v1.01, Feb 23, 2002<BR></P
>
<HR>
<P>
<B>Archived Document Notice:</B> This document has been archived by the LDP.
</P>
<DIV
CLASS="REVHISTORY"
><TABLE
WIDTH="100%"
BORDER="0"
><TR
><TH
ALIGN="LEFT"
VALIGN="TOP"
COLSPAN="3"
><B
>Revision History</B
></TH
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 1.01</TD
><TD
ALIGN="LEFT"
>2002-02-23</TD
><TD
ALIGN="LEFT"
>Revised by: sp</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>- added "Setting up Linux for Snort" section
	    - added mysql option -p
	    - added some clarifications in mysql section</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 1.0</TD
><TD
ALIGN="LEFT"
>2002-01-01</TD
><TD
ALIGN="LEFT"
>Revised by: sp</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>- first release version
	    - moved to snort version 1.8.3
	    - changed RPMS to point to www.snort.org
	    - added link for my snortd initscript
	    - added warning about automatic rule update
	    - added hint to IDSPM
	    - changed for rule files to /etc/snort to reflect snort.org's RPMS
	    - as allways: clarified some parts</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 0.05</TD
><TD
ALIGN="LEFT"
>2001-11-14</TD
><TD
ALIGN="LEFT"
>Revised by: sp</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>- renamed HOWTO to Snort-Setup for Statistics HOWTO
	    - added short statistic script which I was inspired by Greg Sarsons
	    - clarified some parts and corrected some typos</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 0.04</TD
><TD
ALIGN="LEFT"
>2001-09-29</TD
><TD
ALIGN="LEFT"
>Revised by: sp</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>- added section "snort internal statistics" suggested from Greg Sarson
	    - added short statistic script contributed by Greg Sarson but
	    commented it out to get a more general version</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 0.03</TD
><TD
ALIGN="LEFT"
>2001-09-19</TD
><TD
ALIGN="LEFT"
>Revised by: sp</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>- added throttle option to swatch.conf
	    - changed ACID to version 0.9.6b15
	    - added some comments in ACID section
	    - added MD5 checksum section but commented it out</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 0.02</TD
><TD
ALIGN="LEFT"
>2001-09-16</TD
><TD
ALIGN="LEFT"
>Revised by: sp</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>Some clarifications as suggested from Greg Sarsons, thx ;)</TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 0.01</TD
><TD
ALIGN="LEFT"
>2001-09-04</TD
><TD
ALIGN="LEFT"
>Revised by: sp</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
>Initial version</TD
></TR
></TABLE
></DIV
><DIV
><DIV
CLASS="ABSTRACT"
><A
NAME="AEN47"><P
></P
><P
>    This HOWTO describes how to configure Snort version 1.8.3 to be used in
    conjunction with the statistical tools ACID (Analysis Console for Intrusion
    Databases) and SnortSnarf. It also intends to get some internal statistics
    out of snort, e.g. if there are packets dropped.
    </P
><P
>    Additionally a description of how to automatically update Max Vision's
    rules, some scripts which may be helpful and a demo swatch configuration is
    included.
    </P
><P
></P
></DIV
></DIV
><HR></DIV
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>1. <A
HREF="intro.html"
>Introduction</A
></DT
><DD
><DL
><DT
>1.1. <A
HREF="intro.html#COPYRIGHT"
>Copyright Information</A
></DT
><DT
>1.2. <A
HREF="intro.html#DISCLAIMER"
>Disclaimer</A
></DT
><DT
>1.3. <A
HREF="intro.html#NEWVERSIONS"
>New Versions</A
></DT
><DT
>1.4. <A
HREF="intro.html#CREDITS"
>Credits</A
></DT
><DT
>1.5. <A
HREF="intro.html#FEEDBACK"
>Feedback</A
></DT
><DT
>1.6. <A
HREF="intro.html#TRANSLATIONS"
>Translations</A
></DT
></DL
></DD
><DT
>2. <A
HREF="structure.html"
>Structure</A
></DT
><DT
>3. <A
HREF="technicaloverview.html"
>Technical Overview</A
></DT
><DT
>4. <A
HREF="configuration.html"
>Configuration</A
></DT
><DD
><DL
><DT
>4.1. <A
HREF="configuration.html#PRE-SNORT-CONFIG"
>Setting up Linux for Snort</A
></DT
><DT
>4.2. <A
HREF="configuration.html#SNORT-CONFIG"
>Configuring Snort</A
></DT
><DT
>4.3. <A
HREF="configuration.html#MYSQL-CONFIG"
>Configuring MySQL</A
></DT
><DT
>4.4. <A
HREF="configuration.html#ADODB-CONFIG"
>Configuring ADODB</A
></DT
><DT
>4.5. <A
HREF="configuration.html#PHPLOT-CONFIG"
>Configuring PHPlot</A
></DT
><DT
>4.6. <A
HREF="configuration.html#ACID-CONFIG"
>Configuring ACID</A
></DT
><DT
>4.7. <A
HREF="configuration.html#SNORTSNARF-CONFIG"
>Configuring SnortSnarf</A
></DT
><DT
>4.8. <A
HREF="configuration.html#ARACHNIDSUPD-CONFIG"
>Configuring Arachnids_upd</A
></DT
><DT
>4.9. <A
HREF="configuration.html#SWATCH-CONFIG"
>Configuring Swatch</A
></DT
></DL
></DD
><DT
>5. <A
HREF="security-issues.html"
>Security Issues</A
></DT
><DT
>6. <A
HREF="help.html"
>Getting Help</A
></DT
><DT
>7. <A
HREF="faq.html"
>Questions and Answers</A
></DT
></DL
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="intro.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Introduction</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>