FLoP - 1.6.0
Fast Logging Project for Snort
Dr. Dirk Geschke <Dirk@geschke-online.de>
Copyright © 2006 Dirk Geschke
Table of Contents
Abstract
1. Introduction
2. Programs of the project
3. The snort patch
   3.1. Statistics with snort
4. Configuration of FLoP
   4.1. Some notes on the configuration options
5. The programs sockserv and servsock
   5.1. The details of sockserv
        5.1.1. Options
        5.1.2. Signal handling
        5.1.3. Some additional notes
   5.2. The details of servsock
        5.2.1. Options
        5.2.2. The configuration file of servsock
        5.2.3. Signal handling
        5.2.4. Some additional notes
6. The programs alert and drop
   6.1. The details of alert
   6.2. The details of drop
   6.3. The command line options of alert and drop
   6.4. The configuration file for alert and drop
   6.5. Signal handling
7. The program getpacket
   7.1. The extension of the database scheme
   7.2. The command line options of getpacket
   7.3. The configuration file of getpacket
   7.4. Some final notes on getpacket
8. The program fpg, a false positive generator
   8.1. The details of the fpg program
   8.2. The command line options of fpg
   8.3. Some final remarks on the program fpg
9. The contrib directory
   9.1. The program rules.pl
        9.1.1. The options of rules.pl
        9.1.2. The configuration file rules.pl.conf
   9.2. The files create_mysql and create_postgresql
   9.3. The cgi files
   9.4. The perl script stats.pl
10. Summary of the tools and a final survey

List of Examples
3-1. A simple perl script to feed an RRDtool database with a time step of 30 seconds. Here we only account for the rate of received packets, but it is easily extended to use the other data.