This directory contains some useful programs:

classification.pl:
------------------
This is a Perl script to add the content of classification.config to the
database. This can also be done via the rules.pl script.

rules.pl:
---------
This Perl script adds the signatures and references to the database. If
these rules are already in the database, the INSERTs of alerts should be
faster. You can also add signatures with a range of priorities via this
script.

create_mysql:
-------------
MySQL script for initializing the database with schema 107 and support for
full payload and reference. Further, sig_gid is added to store the generator
id of the alert.

create_postgresql:
------------------
PostgreSQL script for initializing the database with schema 107 and support
for full payload and reference. Further, sig_gid is added to store the
generator id of the alert.

db-cgi.pl, ip.pl, list.pl, select.pl, signature.pl, sum.pl:
-----------------------------------------------------------
These files can be used as CGI Perl scripts to query the database.

select.pl:    Here you can choose a sensor (sid) and the alert number (cid)
              to fetch the alert from the database.
sum.pl:       This gives a summary of the sensors and the different kinds of
              alerts in the database. You can use this as a starting point.
db-cgi.pl:    This script is for displaying a single alert.
list.pl:      This is for the display of result lists.
signature.pl: List results based on a specific signature.
ip.pl:        List results based on an IP address or IP protocol.

All these scripts use the file dbh.pm, where the database parameters have to
be entered.

NOTE: All scripts must have the INC path set correctly to find dbh.pm, or
this file has to be copied into the default module search path of the Perl
interpreter in use.

stats.pl:
---------
This script can be used to receive statistics from snort via the -Z option
to feed RRD files.

NOTE: The default for this script is 30 seconds (snort -Z 30). You can
adjust this value, but you must then also change the step entry used in the
creation of the databases.

alert.init, drop.init, servsock.init, sockserv.init, sockserv.sysconfig:
------------------------------------------------------------------------
These files were contributed by and are intended to be used as start
scripts. Please adjust these scripts to your needs before using them.