sensorTrends is a project that generates trending reports based on security device log files.
Version: 0.6
Operating System: Linux
sensorTrends is a Web-based application that displays a high-level view of the ports that are being scanned over the course of time. The display is similar to the look and feel of incidents.org and Dshield.com.
There are also quick links to correlate your data with the Internet Storm Center (incidents.org).
Supported log formats are:
· Cisco router Access Control Lists (ACLs) syslog output,
· Cisco PIX firewall syslog output,
· Snort's portscan.log files,
· NetScreen syslog output.
Requirements:
· PHP4 with GD and MySQL support
· PEAR DB
· PEAR table.php
· JpGraph with basic and extra fonts
· Perl 5 with DBI and Getopt::Long
· MySQL 3.2X
· Your Log files
What's New in This Release:
· The major feature for this release provides the ability to view trends for TCP/UDP/IP/ICMP.
· The Perl parsers have been modified to identify the specific protocol and insert the data into the correct database table.
· Of course the SQL table structure has changed to include the new protocols, and the PHP displays have been modified to display the data.