Snort Report 1.3.1 Symmetrix Technologies LLC. December 21, 2005 DESCRIPTION Snort Report is an add-on module for the Snort Intrusion Detection System. It provides real-time reporting from the MySQL or PostgreSQL database generated by Snort. INSTALLATION 1. Requirements: a. Operating System - Snort Report will work on most systems running Apache and PHP. It has been tested on many flavors of Linux, Mac OSX, and Windows. b. Database - Currently, only MySQL 4.x and PostgreSQL are supported. Earlier or later versions of MySQL should work but are untested. The newer versions of Postgre may not work - patches are appreciated! A database abstraction layer has now been added to Snort Report so it should be trivial to add support for Oracle, ODBC, etc, if anyone's interested. c. Snort Intrusion Detection System - http://www.snort.org Only version 2.4 is supported. Earlier versions may work with SR but they have not been tested. d. Web server - Apache 1.3, 2.0, and PHP 4.3 (earlier versions may work) 2. Optional Software - to display the nice pie graph, you will also need: a. GD 2.0.11 or later - a general graphics library that supports PNG images. You can get it at http://www.boutell.com. b. Jpgraph 1.19 - Download it from http://www.aditus.nu/jpgraph. Earlier versions may or may not work with Snort Report. 3. Installing Snort Report a. Unzip the files into a directory on your web server. b. Edit srconf.php to enable Snort Report to see your MySQL server and Snort database. Also edit the path to your Jpgraph distribution if you have it. c. That's it! Load alerts.php into your web browser. PERFORMANCE 1. Please see Performance.txt (included with this distribution) for tips on speeding up Snort Report with MySQL. 2. You may also see slight speed improvements by installing the PHP Optimizer, available at http://www.zend.com. TROUBLESHOOTING 1. Make sure PHP is configured properly with all the support you need to run Snort Report. Create a PHP file with <?phpinfo();?> in it and load it into your web browser to see all the configured modules. 2. If you think you have a genuine bug, please let us know by email at snortreport@symmetrixtech.com. Sorry, but we don't provide support for installing Apache, PHP, etc. Check out the vendor's website for help. CHANGELOG 2005-12-21 - Version 1.3.1 Cosmetic changes in the logo and graphs Fix portscan display in graph Fixed minor bug when using performance profiling Fixed HTML links to snort.org signatures 2005-09-12 - Version 1.3 release Added nmap and nbtscan support courtesy of James Lohman Updated external http links to signature info Updated links to whois, dns, and traceroutes 2003-07-20 - Version 1.2 release Eliminated need for register globals to be turned on in PHP Updated code to work with Jpgraph 1.12.2 Enlarged pie chart so all labels are displayed Removed broken links And, courtesy of Robert Flach (robert.flach@materna.de): The ability to go back to specific days in the past Sorting of alerts first by priority level, then by frequency Other small tweaks and modifications 2003-02-18 - Version 1.12 release - added multible probe support, courtesy of Joerg Lehrke (Joerg.Lehrke@o2.com). Removed historical trends support, that code is now deprecated. Fixed problems with the newer versions of Jpgraph. Updated the WHOIS and Traceroute links. 2001-12-18 - Version 1.11 release - Minor patch to ensure compatibility with Jpgraph 1.4, courtesy of Erik Melander (emelander@wyndham.com). Jpgraph 1.2.2 will no longer work with SnortReport. 2001-11-08 - Version 1.1 release - Huge speed improvement thanks to optimization of code by Chris Adams. In particular, see Performance.txt for instuctions on creating indexes on your MySQL tables. 2001-09-26 - Version 1.06 release - Added PostgreSQL support, thanks to Enrico Scholz (Enrico.Scholz@informatik.tu-chemnitz.de). Also added a Java menu, thanks to Jason Costomiris. Removed buggy historical trends support. 2001-08-27 - Version 1.05 released - added cascading style sheets, courtesy of Jason Costomiris. Also fixed the port database link. 2001-08-13 - Version 1.04 released - Thanks again to Jason Costomiris (jcostom@jasons.org) and Chris Adams for their continuing contributions to the Snort Report project! Database abstraction layer added - If anyone would like to add PostgreSQL, Oracle, or ODBC support, it will be much easier now! 2001-08-09 - Version 1.03 released - Minor cleanup to HTML code 2001-08-08 - Version 1.02 released - Many thanks to Chris Adams (chris@improbable.org) and Patrick Lang (patricklang@mail.utexas.edu) for their contributions to Snort Report. General code optimization, including cleaning up various PHP warnings, adding some input validation, speeding up sorting, and switching to UNIX timestamps. Added reference links to signature and port databases (Arachnids, CVE, BUGTRAQ, etc.) Added timeline graph 2001-07-30 - Version 1.01 released Fixed IP address display error when first octet < 16 2001-07-22 - Version 1.0 released LICENSE This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.