SNORT-REP(1)	      User Contributed Perl Documentation	  SNORT-REP(1)

NAME
       snort-rep - snort-reporting tool

SYNOPSIS
       snort-rep [OPTIONS] [syslog-file]

DESCRIPTION
       snort-rep is a Snort reporting tool that can produce text or HTML
       output from a syslog file. If syslog-file is not specified, it will use
       standard-input. The reports contain:

          Portscan summary

          Alert Summary by ID

          Alert summary by remote host and ID

          Alert summary by local host and ID

          Alert summary by local port and ID

       It is designed to be used for daily e-mail reports to the system
       administrators (see snort-rep-mail for an example script that generates
       daily e-mails). All reports contain priority information (if used with
       Snort 1.8+) and the HTML output contains direct links to the IDS
       descriptions of whitehats.com.

OPTIONS
       -h, --help
	   Print usage.

       -r, --resolve
	   Resolve host names.

       -s, --source=SOURCE[,SOURCE...]
	   Read information from SOURCE (in addition to syslog-file). This
	   option can be specified multiple times. If syslog-file is not
	   specified and no --source option is used, standard input will be
	   read in syslog format.

	   SOURCE is a comma-separated list of sources which may be:

	   syslog:FILE
	       Syslog file FILE

	   fast:FILE
	       Snort "fast-alert" file FILE

       -t, --text
	   Print text report (default). If both --text and --html are
	   specified, both will be printed, separated by a line like '<<<<<'
	   (79 times '<').

       --text-width=n
	   Try to fit the text report to n columns. Default: 79.

       -H, --html
	   Print HTML report.

       -l, --local=NET[,NET...]
	   NET is a local network. This option can be specified more than
	   once and can contain more than one network (comma-separated). NET
	   must be specified as "network/mask", for example "192.168.1.0/24".

       -F, --local-file=FILE
	   FILE contains a list of local networks, as given in -l (one network
	   per line). FILE can contain hash comments and empty lines.

       -R, --remove-name=REGEX
	   Remove REGEX from host names. This option is useful to make nicer
	   host names for local hosts.

       --priority-med=N
	   Priorities greater than or equal to N will be considered "medium
	   priority" (default: 7).

       --priority-high=N
	   Priorities greater than or equal to N will be considered "high
	   priority" (default: 16). High-priority alerts will be pushed to the
	   top of the reports.

       -N, --narrow
	   Try to make the reports fit better on the screen by trimming
	   overly long host names and placing spaces in the alert descriptions
	   so that they can be word-wrapped.
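
       The following is an added example, not part of snort-rep or its
       documentation: a pre-flight check for a --local-file that also shows
       how the default --priority-med and --priority-high thresholds bucket
       an alert. The function names, the "low" label, the sample file and
       the treatment of '#' as a comment anywhere on a line are assumptions.

```python
import ipaddress

# Constructed sample of a --local-file: one "network/mask" per line,
# with hash comments and empty lines, as the -F description allows.
SAMPLE_LOCAL_FILE = """\
# office LAN
192.168.1.0/24

10.0.0.0/255.0.0.0   # mask in dotted form
172.16.5.0
not-a-network/24
"""

def load_local_nets(text):
    """Return (networks, errors) for the contents of a --local-file."""
    nets, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Assumption: '#' starts a comment anywhere on the line.
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        if "/" not in entry:
            # The man page requires the "network/mask" form.
            errors.append((lineno, entry, "missing /mask"))
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError as exc:
            errors.append((lineno, entry, str(exc)))
    return nets, errors

def is_local(host, nets):
    """True if host falls inside any of the configured local networks."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in nets)

def priority_class(priority, med=7, high=16):
    """Bucket a priority with the documented defaults ("low" is our label)."""
    if priority >= high:
        return "high"
    return "medium" if priority >= med else "low"

if __name__ == "__main__":
    nets, errors = load_local_nets(SAMPLE_LOCAL_FILE)
    print("local networks:", [str(n) for n in nets])
    for lineno, entry, why in errors:
        print(f"line {lineno}: rejected {entry!r}: {why}")
    print("10.20.30.40 local?", is_local("10.20.30.40", nets))
```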

SEE ALSO
       http://people.ee.ethz.ch/~dws/software/snort-rep/

COPYRIGHT
       Copyright (c) 2001, 2002 by ETH Zurich. All rights reserved.

LICENSE
       This program is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published by the
       Free Software Foundation; either version 2 of the License, or (at your
       option) any later version.

       This program is distributed in the hope that it will be useful, but
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
       General Public License for more details.

       You should have received a copy of the GNU General Public License along
       with this program; if not, write to the Free Software Foundation, Inc.,
       675 Mass Ave, Cambridge, MA 02139, USA.

AUTHOR
       David Schweikert <dws@ee.ethz.ch>

perl v5.42.0			  2026-03-01			  SNORT-REP(1)
