SnortSamStat

Snortsam with MRTG

Title: SnortsamStat
Version: 0.1
License: GNU
Requirements: Linux/Unix
Code: Java

SnortsamStat produces stats for MRTG from the log files that SnortSam writes.
When Snort runs with SnortSam, it produces blocks and bans, and these are fetched from the log (alerts, counts).
It was not written with performance in mind; it just extracts the data MRTG needs to produce nice graphs.

Needed
A snort.sh file in the same directory as SnortsamStat.class.
SnortsamStat uses this file to access the database for the alerts.

How to run
Example: java SnortsamStat /var/log/snortsam.log

An mrtg.cfg could look like this:

Target[localhost.snort]: `cd /root/mrtg/; java SnortsamStat /var/log/snortsam.log`
MaxBytes[localhost.snort]: 100
Title[localhost.snort]: Snort
PageTop[localhost.snort]: Snort
YLegend[localhost.snort]: Alerts (min)
LegendI[localhost.snort]: Alerts (min)
LegendO[localhost.snort]: Blocked Hosts
Legend1[localhost.snort]: Incoming Alerts
Legend2[localhost.snort]: Blocked Hosts
Options[localhost.snort]: nopercent,growright,gauge
ShortLegend[localhost.snort]:  hits
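
What a backtick target like the one above has to print for MRTG, as an added shell example (not SnortsamStat's own code): four lines, namely the two values, an uptime string and a target name. The log line layout and the "Blocking host" message text are assumptions, the sample lines are constructed, and block events stand in for the alert count that the Java tool reads from the database.

```sh
#!/bin/sh
# Added example, not part of SnortsamStat.
# ASSUMPTION: SnortSam logs a block as
#   date, time, source, level, module, Blocking host <ip> ...

# Constructed sample log (documentation address ranges only).
sample_log() {
    cat <<'EOF'
2024/01/01, 10:00:01, 192.0.2.10, 2, snortsam, Blocking host 203.0.113.5 completely for 300 seconds (Sig_ID: 1000001).
2024/01/01, 10:00:40, 192.0.2.10, 2, snortsam, Blocking host 203.0.113.5 completely for 300 seconds (Sig_ID: 1000002).
2024/01/01, 10:02:13, 192.0.2.10, 2, snortsam, Blocking host 198.51.100.7 completely for 300 seconds (Sig_ID: 1000001).
2024/01/01, 10:05:01, -, 2, snortsam, Removing 300 sec complete block for host 203.0.113.5.
EOF
}

# Print "<block events> <distinct blocked hosts>" for the log file in $1.
snortsam_counts() {
    awk '
        /Blocking host / {
            events++
            # The address is the field that follows the words "Blocking host".
            for (i = 2; i < NF; i++)
                if ($i == "host" && $(i - 1) == "Blocking") { hosts[$(i + 1)] = 1; break }
        }
        END {
            n = 0
            for (h in hosts) n++
            printf "%d %d\n", events, n
        }' "$1"
}

# Print the four lines MRTG reads from an external target:
# value 1 (I), value 2 (O), uptime string, target name.
mrtg_target() {
    if [ -r "$1" ]; then
        counts=$(snortsam_counts "$1")
    else
        counts="0 0"    # unreadable log: report zeros, not an error message
    fi
    printf '%s\n%s\n%s\n%s\n' "${counts% *}" "${counts#* }" "unknown" "snortsam"
}

# Run as: sh this_script.sh /var/log/snortsam.log
if [ "$#" -gt 0 ]; then
    mrtg_target "$1"
fi
```

With the `gauge` option MRTG plots the returned numbers as they are, so pointing the script at a rotated or time-windowed log gives per-interval figures rather than a running total.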

Download: Snortsam MRTG
