Snort Report 1.3.1
Symmetrix Technologies LLC.
December 21, 2005


DESCRIPTION
Snort Report is an add-on module for the Snort Intrusion Detection System.
It provides real-time reporting from the MySQL or PostgreSQL database generated
by Snort.


INSTALLATION
1.  Requirements:
	a.  Operating System -  Snort Report will work on most systems running
		Apache and PHP.  It has been tested on many flavors of Linux,
		Mac OSX, and Windows. 
	b.  Database - Currently, only MySQL 4.x and PostgreSQL are supported.
	    Earlier or later versions of MySQL should work but are untested.  The newer
	    versions of Postgre may not work - patches are appreciated!  A database
	    abstraction layer has now been added to Snort Report so it should be
	    trivial to add support for Oracle, ODBC, etc, if anyone's interested.
	c.  Snort Intrusion Detection System - http://www.snort.org
	    Only version 2.4 is supported.  Earlier versions may work with SR but
	    they have not been tested.
	d.  Web server -  Apache 1.3, 2.0, and PHP 4.3 (earlier versions may work)

2.  Optional Software - to display the nice pie graph, you will also need:
	a.  GD 2.0.11 or later 	- a general graphics library that supports PNG images.
	    You can get it at http://www.boutell.com.
	b.  Jpgraph 1.19 - Download it from http://www.aditus.nu/jpgraph.
	    Earlier versions may or may not work with Snort Report.
3.  Installing Snort Report
	a.  Unzip the files into a directory on your web server.
	b.  Edit srconf.php to enable Snort Report to see your MySQL server and
	    Snort database.  Also edit the path to your Jpgraph distribution
	    if you have it.
	c.  That's it!  Load alerts.php into your web browser.


PERFORMANCE
1.  Please see Performance.txt (included with this distribution) for tips on
    speeding up Snort Report with MySQL.
2.  You may also see slight speed improvements by installing the PHP Optimizer,
    available at http://www.zend.com.


TROUBLESHOOTING
1.  Make sure PHP is configured properly with all the support you need to run
    Snort Report.  Create a PHP file with <?phpinfo();?> in it and load it
    into your web browser to see all the configured modules.
2.  If you think you have a genuine bug, please let us know by email at
    snortreport@symmetrixtech.com.  Sorry, but we don't provide support for
    installing Apache, PHP, etc.  Check out the vendor's website for help.


CHANGELOG
2005-12-21 - Version 1.3.1
		 Cosmetic changes in the logo and graphs
		 Fix portscan display in graph
		 Fixed minor bug when using performance profiling
		 Fixed HTML links to snort.org signatures
2005-09-12 - Version 1.3 release
                 Added nmap and nbtscan support courtesy of James Lohman
		 Updated external http links to signature info
		 Updated links to whois, dns, and traceroutes 
2003-07-20 - Version 1.2 release
		 Eliminated need for register globals to be turned on in PHP
		 Updated code to work with Jpgraph 1.12.2
		 Enlarged pie chart so all labels are displayed
		 Removed broken links
		 And, courtesy of Robert Flach (robert.flach@materna.de):
		   The ability to go back to specific days in the past
		   Sorting of alerts first by priority level, then by frequency
		   Other small tweaks and modifications
2003-02-18 - Version 1.12 release - added multible probe support, courtesy of Joerg Lehrke
		 (Joerg.Lehrke@o2.com).
		 Removed historical trends support, that code is now deprecated.
		 Fixed problems with the newer versions of Jpgraph.
		 Updated the WHOIS and Traceroute links.
2001-12-18 - Version 1.11 release - Minor patch to ensure compatibility with Jpgraph 1.4,
		 courtesy of Erik Melander (emelander@wyndham.com).  Jpgraph 1.2.2 will
		 no longer work with SnortReport.
2001-11-08 - Version 1.1 release - Huge speed improvement thanks to optimization of code
                 by Chris Adams.  In particular, see Performance.txt for instuctions on
		 creating indexes on your MySQL tables.
2001-09-26 - Version 1.06 release - Added PostgreSQL support, thanks to Enrico
		 Scholz (Enrico.Scholz@informatik.tu-chemnitz.de).  Also added a Java
		 menu, thanks to Jason Costomiris.
		 Removed buggy historical trends support.
2001-08-27 - Version 1.05 released - added cascading style sheets, courtesy of
		 Jason Costomiris.  Also fixed the port database link.
2001-08-13 - Version 1.04 released - Thanks again to Jason Costomiris (jcostom@jasons.org)
		 and Chris Adams for their continuing contributions to the
		 Snort Report project!
	     Database abstraction layer added - If anyone would like to add
	         PostgreSQL, Oracle, or ODBC support, it will be much easier now!
2001-08-09 - Version 1.03 released - Minor cleanup to HTML code
2001-08-08 - Version 1.02 released - Many thanks to Chris Adams (chris@improbable.org)
	         and Patrick Lang (patricklang@mail.utexas.edu) for their
		 contributions to Snort Report.
	     General code optimization, including cleaning up various PHP warnings,
		 adding some input validation, speeding up sorting, and switching to
		 UNIX timestamps.
 	     Added reference links to signature and port databases (Arachnids, CVE,
		 BUGTRAQ, etc.)
	     Added timeline graph
2001-07-30 - Version 1.01 released
	     Fixed IP address display error when first octet < 16
2001-07-22 - Version 1.0 released


LICENSE
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.

This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
more details.

You should have received a copy of the GNU General Public License along with
this program; if not, write to the Free Software Foundation, Inc., 59 Temple
Place - Suite 330, Boston, MA 02111-1307, USA.