SNORT-REP(1)          User Contributed Perl Documentation          SNORT-REP(1)

NAME
       snort-rep - snort-reporting tool

SYNOPSIS
       snort-rep [OPTIONS] [syslog-file]

DESCRIPTION
       snort-rep is a Snort reporting tool that can produce text or HTML
       output from a syslog file. If syslog-file is not specified, it reads
       standard input. The reports contain:

          Portscan summary

          Alert summary by ID

          Alert summary by remote host and ID

          Alert summary by local host and ID

          Alert summary by local port and ID

       It is designed to be used for daily e-mail reports to the system
       administrators (see snort-rep-mail for an example script that generates
       daily e-mails). All reports contain priority information (if used with
       Snort 1.8+) and the HTML output contains direct links to the IDS
       descriptions of whitehats.com.

OPTIONS
       -h, --help
           Print usage.

       -r, --resolve
           Resolve host names.

       -s, --source=SOURCE[,SOURCE...]
           Read information from SOURCE (in addition to syslog-file). This
           option can be specified multiple times. If syslog-file is not
           specified and no --source option is used, standard input will be
           read in syslog format.

           SOURCE is a comma-separated list of sources which may be:

           syslog:FILE
               Syslog file FILE

           fast:FILE
               Snort "fast-alert" file FILE

       -t, --text
           Print text report (default). If both --text and --html are
           specified, both will be printed, separated by a line like '<<<<<'
           (79 times '<').

       --text-width=n
           Try to fit the text report to n columns. Default: 79.

       -H, --html
           Print HTML report.

       -l, --local=NET[,NET...]
           NET is a local network. This option can be specified more than
           once and can contain more than one network (comma-separated). NET
           must be specified as "network/mask", for example "192.168.1.0/24".

       -F, --local-file=FILE
           FILE contains a list of local networks, as given in -l (one
           network per line). FILE can contain hash comments and empty lines.

       -R, --remove-name=REGEX
           Remove REGEX from host names. This option is useful to make nicer
           host names for local hosts.

       --priority-med=N
           Priorities greater than or equal to N are considered "medium
           priority" (default: 7).

       --priority-high=N
           Priorities greater than or equal to N are considered "high
           priority" (default: 16). High-priority alerts are placed at the
           top of the reports.

       -N, --narrow
           Try to make the reports fit better on the screen by trimming
           overly long host names and placing spaces in the alert
           descriptions so that they can be word-wrapped.
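
EXAMPLES
       The following is an added example, not part of snort-rep or of the
       original manual page: a pre-flight check for a --local-file that
       parses the format described under -F, reports unusable entries, and
       renders the equivalent --local argument. The function names are
       hypothetical, the sample file is constructed, and the handling of
       trailing comments and the rejection of entries with host bits set are
       assumptions of this example.

```python
import ipaddress

# Constructed sample of a --local-file: one "network/mask" per line,
# with hash comments and empty lines.
SAMPLE = """\
# office LAN
192.168.1.0/24

10.0.0.0/8      # lab (assumed: trailing comments are allowed)
172.16.5.1/16
192.168.2.0
"""

def parse_local_networks(text):
    """Return (networks, errors); errors are (line_no, entry, reason) tuples."""
    networks, errors = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop hash comment
        if not entry:
            continue  # empty or comment-only line
        if "/" not in entry:
            errors.append((line_no, entry, "missing /mask"))
            continue
        try:
            # strict=True rejects entries with host bits set (172.16.5.1/16),
            # a check added by this example, stricter than the page requires.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            errors.append((line_no, entry, str(exc)))
    return networks, errors

def is_local(address, networks):
    """True if address falls inside any of the listed local networks."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in networks)

def to_local_option(networks):
    """Render the networks as the equivalent --local=NET[,NET...] argument."""
    return "--local=" + ",".join(str(net) for net in networks)

if __name__ == "__main__":
    nets, errs = parse_local_networks(SAMPLE)
    for line_no, entry, reason in errs:
        print(f"line {line_no}: {entry!r}: {reason}")
    print(to_local_option(nets))
    for host in ("10.20.30.40", "203.0.113.9"):
        print(host, "local" if is_local(host, nets) else "remote")
```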

SEE ALSO
       http://people.ee.ethz.ch/~dws/software/snort-rep/

COPYRIGHT
       Copyright (c) 2001, 2002 by ETH Zurich. All rights reserved.

LICENSE
       This program is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published by the
       Free Software Foundation; either version 2 of the License, or (at your
       option) any later version.

       This program is distributed in the hope that it will be useful, but
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
       General Public License for more details.

       You should have received a copy of the GNU General Public License along
       with this program; if not, write to the Free Software Foundation, Inc.,
       675 Mass Ave, Cambridge, MA 02139, USA.

AUTHOR
       David Schweikert <dws@ee.ethz.ch>

perl v5.36.3                      2025-04-18                      SNORT-REP(1)
