Snortalog is a Perl script that simplifies the presentation of Snort logs, making it easier to observe network attacks identified by Snort.
The developer of Snortalog wrote it in Perl because no existing script could produce a report of potential attacks quickly. Initially the program produced only text output with sorting and filtering statistics. Over time the developer added HTML charts for better visualization and, later, a GUI. A script like Snortalog is simpler, more efficient, and more appropriate than loading the alerts into a MySQL database or a similar system: on a network with many NIDS sensors and several thousand alerts, database queries would be slow to return, and the regular purge jobs such a database needs would be a burden for administrators.
Snortalog has several prominent features: it creates HTML, PDF, and text reports, generates GIF, PNG, or JPG graphs in HTML output, and reads Snort alerts in syslog, fast, and full format. It works with all Snort preprocessors and can link each Snort signature to the web reference that describes the attack. It supports Snort's "-I" option, which records the capturing interface, and adds a per-interface report, and it can resolve IP addresses and domain names. A filtering system lets users restrict the report to specific source IPs or to high-severity Snort alerts only.
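To make the kind of processing described above concrete, here is a small added example (not Snortalog's own code, which is Perl) that parses Snort "fast" alert lines, applies the same two filters the text mentions (minimum severity and a single source IP), and prints a text summary of top signatures and sources. The alert lines, the `LOCAL` rule name, and the RFC 5737 addresses are constructed for the example; the line layout follows Snort's fast-alert output format.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# One Snort "fast" alert per line, e.g.:
# 01/15-13:45:01.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**]
#   [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:41212
# Preprocessor alerts (e.g. sfPortscan, gid 122) may omit the Classification field.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)


@dataclass
class Alert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int          # 1 = highest severity
    proto: str
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]


def _split_endpoint(endpoint: str):
    """Split 'ip:port' into (ip, port); ICMP and portscan alerts carry a bare IP (IPv6 literals not handled)."""
    if ":" in endpoint:
        ip, port = endpoint.rsplit(":", 1)
        if port.isdigit():
            return ip, int(port)
    return endpoint, None


def parse_fast_alert(line: str) -> Optional[Alert]:
    """Return an Alert for a well-formed fast-alert line, or None for anything else."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    src_ip, src_port = _split_endpoint(m["src"])
    dst_ip, dst_port = _split_endpoint(m["dst"])
    return Alert(timestamp=m["ts"], gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
                 msg=m["msg"], classification=m["cls"], priority=int(m["prio"]), proto=m["proto"],
                 src_ip=src_ip, src_port=src_port, dst_ip=dst_ip, dst_port=dst_port)


def summarize(lines: Iterable[str], max_priority: Optional[int] = None,
              src_ip: Optional[str] = None) -> Dict:
    """Count alerts by signature, source and destination.

    max_priority keeps only alerts with priority <= that value (1 = highest);
    src_ip keeps only alerts from that source. Unparsable lines are counted, not dropped silently.
    """
    by_sig, by_src, by_dst = Counter(), Counter(), Counter()
    kept = skipped = unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        alert = parse_fast_alert(line)
        if alert is None:
            unparsed += 1
            continue
        if (max_priority is not None and alert.priority > max_priority) or \
           (src_ip is not None and alert.src_ip != src_ip):
            skipped += 1
            continue
        kept += 1
        by_sig[(alert.gid, alert.sid, alert.msg)] += 1
        by_src[alert.src_ip] += 1
        by_dst[alert.dst_ip] += 1
    return {"kept": kept, "skipped": skipped, "unparsed": unparsed,
            "by_sig": by_sig, "by_src": by_src, "by_dst": by_dst}


def text_report(summary: Dict, top: int = 5) -> str:
    """Render a plain-text summary in the spirit of a log summarizer's text output."""
    out = [f"alerts kept: {summary['kept']}  filtered out: {summary['skipped']}  "
           f"unparsed lines: {summary['unparsed']}", "top signatures:"]
    for (gid, sid, msg), n in summary["by_sig"].most_common(top):
        out.append(f"  {n:5d}  [{gid}:{sid}] {msg}")
    out.append("top sources:")
    for ip, n in summary["by_src"].most_common(top):
        out.append(f"  {n:5d}  {ip}")
    return "\n".join(out)


# Constructed sample alerts (RFC 5737 documentation addresses); not taken from a real sensor.
SAMPLE_ALERTS = """\
01/15-13:45:01.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:41212
01/15-13:45:03.000001  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:53120 -> 10.0.0.5:22
01/15-13:45:04.000002  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:53121 -> 10.0.0.5:22
01/15-13:45:05.500000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.4 -> 10.0.0.5
01/15-13:45:06.000000  [**] [122:1:1] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 203.0.113.7 -> 10.0.0.5
this line is not a snort alert
"""

if __name__ == "__main__":
    print(text_report(summarize(SAMPLE_ALERTS.splitlines())))
    print()
    print(text_report(summarize(SAMPLE_ALERTS.splitlines(), max_priority=1)))
```

Two details matter in practice: the parser returns `None` rather than raising on malformed input, and the summary reports how many lines it could not parse, so a sensor that switches to a different output format shows up as a spike in `unparsed` instead of an empty report.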
Moreover, Snortalog works seamlessly with several other log sources: Check Point FW-1 (4.1 and NG) logs in syslog format or as exported by the fw log command, Netfilter and IPFilter syslog logs, Cisco PIX syslog logs, and Lucent Brick firewall logs. Newer releases also detect Check Point VPN-1 logs produced by the "fw log -n" and "fw tab -t connections -f -m 25000" commands.
In summary, Snortalog is one of the best Perl scripts for summarizing Snort logs and analyzing other logs. Its feature set and ease of use make it a natural choice for administrators who want to review the network attacks Snort has detected.
Version 2.4.2: N/A