Snortalog is a Perl script that simplifies the presentation of Snort logs, making it easier to observe network attacks identified by Snort.
Snortalog is an efficient and powerful Perl script that summarizes Snort logs, providing users with an easy view of any network attacks detected by Snort. This software can generate charts in HTML, PDF, and text output formats. It works with all versions of Snort and can analyze logs in three formats: syslog, fast, and full snort alerts. Additionally, it can summarize other logs such as CheckPoint Fw-1 (NG and 4.1), Netfilter, IPFilter, Packet Filter, CISCO PIX, and Lucent BRICK in a similar way.
The developer of Snortalog chose to create it in Perl because no existing scripts could generate reports on potential attacks quickly. Initially, the program was designed to generate text output to provide sorting and filtering statistics. Over time, the developer improved the program to create charts (HTML) for better visualization and soon a GUI. The use of a script like SnortALog is easier, efficient, and more appropriate than using a MySQL database or similar systems. In networks with many NIDS and several thousand log alerts, requests in a database would take a long response time, and regular database purging tasks would prove tough for administrators.
Snortalog has several prominent features, such as creating HTML, PDF, and text reports, generating GIF, PNG, or JPG graphs in HTML output, and working with Syslog, Fast, and Full SNORT alerts. It also works with all SNORT preprocessor and can link the SNORT signature to the web reference attack description. The software works with "-I" Snort option to specify an interface and add a report and can resolve IP addresses and domains. It has a filtering system for users who only want specific IP sources or high severity snort logs.
Moreover, Snortalog works seamlessly with several other systems like CheckPoint Fw-1 (4.1 and NG) in syslog and FW log export command, Netfilter and IPFilter syslog logs, syslog CISCO PIX logs, and Lucent Brick Firewall logs. It also comes with new features such as CHECK POINT VPN-1 log detection with the "fw log -n" and "fw tab -t connections -f -m 25000" commands.
In summary, Snortalog is one of the best Perl scripts for summarizing Snort logs and analyzing other logs. Its unique features and ease of use make it the go-to software for administrators who want to view any network attacks detected by Snort.
The developer of Snortalog chose to create it in Perl because no existing scripts could generate reports on potential attacks quickly. Initially, the program was designed to generate text output to provide sorting and filtering statistics. Over time, the developer improved the program to create charts (HTML) for better visualization and soon a GUI. The use of a script like SnortALog is easier, efficient, and more appropriate than using a MySQL database or similar systems. In networks with many NIDS and several thousand log alerts, requests in a database would take a long response time, and regular database purging tasks would prove tough for administrators.
Snortalog has several prominent features, such as creating HTML, PDF, and text reports, generating GIF, PNG, or JPG graphs in HTML output, and working with Syslog, Fast, and Full SNORT alerts. It also works with all SNORT preprocessor and can link the SNORT signature to the web reference attack description. The software works with "-I" Snort option to specify an interface and add a report and can resolve IP addresses and domains. It has a filtering system for users who only want specific IP sources or high severity snort logs.
Moreover, Snortalog works seamlessly with several other systems like CheckPoint Fw-1 (4.1 and NG) in syslog and FW log export command, Netfilter and IPFilter syslog logs, syslog CISCO PIX logs, and Lucent Brick Firewall logs. It also comes with new features such as CHECK POINT VPN-1 log detection with the "fw log -n" and "fw tab -t connections -f -m 25000" commands.
In summary, Snortalog is one of the best Perl scripts for summarizing Snort logs and analyzing other logs. Its unique features and ease of use make it the go-to software for administrators who want to view any network attacks detected by Snort.
What's New
Version 2.4.2: N/A