Snort Report 1.11
Circuits Maximus, LLC.
December 18, 2001

DESCRIPTION

Snort Report is an add-on module for the Snort Intrusion Detection System. It provides real-time reporting from the MySQL or PostgreSQL database generated by Snort.

INSTALLATION

1. Requirements:

   a. Operating System - Snort Report has been tested on these systems:

      RedHat 6.x, 7.x
      SuSE 7.1
      Mandrake 8.0
      Slackware 8
      FreeBSD 4.2 and 4.3
      OpenBSD 2.9
      Mac OS X 10.0.4

      Snort Report should work on any platform with MySQL and PHP. Please let us know if it runs on other systems!

   b. Database - Currently, only MySQL 3.23 and PostgreSQL are supported. MySQL is available at http://www.mysql.com. A database abstraction layer has now been added to Snort Report, so it should be trivial to add support for Oracle, ODBC, etc., if anyone's interested.

   c. Snort Intrusion Detection System - http://www.snort.org
      Only version 1.8 is supported. The MySQL database schema changed between Snort 1.7 and 1.8, so earlier versions are not compatible.

   d. Web server - Apache 1.3 and PHP 4.0.4 (earlier versions may work)

2. Optional Software - to display the nice pie graph, you will also need:

   a. GD 1.8.4 - a general graphics library that supports PNG images. You can get it at http://www.boutell.com.

   b. Jpgraph 1.4 - This blows away phplot. Download it from http://www.aditus.nu/jpgraph.

3. Installing Snort Report

   a. Unzip the files into a directory on your web server.

   b. Edit srconf.php to enable Snort Report to see your MySQL server and Snort database. Also edit the path to your Jpgraph distribution, if you have it. Since srconf.php carries the credentials Snort Report uses to reach the database, give Snort Report a database account of its own with read-only (SELECT) access to the Snort database rather than the account Snort itself writes with, and restrict who can reach the Snort Report directory on your web server, because it shows your alert data to anyone who can load it.

   c. That's it! Load alerts.php into your web browser.

PERFORMANCE

1. Please see Performance.txt (included with this distribution) for tips on speeding up Snort Report with MySQL.

2. You may also see slight speed improvements by installing the PHP Optimizer, available at http://www.zend.com.

TROUBLESHOOTING

1. Make sure PHP is configured properly with all the support you need to run Snort Report.
   Create a PHP file containing <?php phpinfo(); ?> and load it into your web browser to see all the configured modules. (The shorter form <?phpinfo();?> is only parsed when PHP's short_open_tag setting is enabled, because the <?php tag must be followed by whitespace.) Remove the file when you are done; it reveals your server configuration to anyone who can load it.

2. If you think you have a genuine bug, please let us know by email at snortreport@circuitsmaximus.com. Sorry, but we don't provide support for installing Apache, PHP, etc. Check out the vendor's website for help.

CHANGELOG

2001-12-18 - Version 1.11 released
   Minor patch to ensure compatibility with Jpgraph 1.4, courtesy of Erik Melander (emelander@wyndham.com). Jpgraph 1.2.2 will no longer work with Snort Report.

2001-11-08 - Version 1.1 released
   Huge speed improvement thanks to optimization of code by Chris Adams. In particular, see Performance.txt for instructions on creating indexes on your MySQL tables.

2001-09-26 - Version 1.06 released
   Added PostgreSQL support, thanks to Enrico Scholz (Enrico.Scholz@informatik.tu-chemnitz.de). Also added a Java menu, thanks to Jason Costomiris. Removed buggy historical trends support.

2001-08-27 - Version 1.05 released
   Added cascading style sheets, courtesy of Jason Costomiris. Also fixed the port database link.

2001-08-13 - Version 1.04 released
   Thanks again to Jason Costomiris (jcostom@jasons.org) and Chris Adams for their continuing contributions to the Snort Report project! Database abstraction layer added - if anyone would like to add PostgreSQL, Oracle, or ODBC support, it will be much easier now!

2001-08-09 - Version 1.03 released
   Minor cleanup to HTML code.

2001-08-08 - Version 1.02 released
   Many thanks to Chris Adams (chris@improbable.org) and Patrick Lang (patricklang@mail.utexas.edu) for their contributions to Snort Report. General code optimization, including cleaning up various PHP warnings, adding some input validation, speeding up sorting, and switching to UNIX timestamps. Added reference links to signature and port databases (Arachnids, CVE, BUGTRAQ, etc.).
   Added timeline graph.

2001-07-30 - Version 1.01 released
   Fixed IP address display error when first octet < 16.

2001-07-22 - Version 1.0 released

TO DO

Features that will be added in upcoming releases:

1. Add user-configurable variable to change default time period in alerts.php
2. Optional auto-refresh of alerts.php
3. Add support for JPGraph 1.3
4. More detail on ICMP packets

LICENSE

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

Copyright 2001, Circuits Maximus, LLC.
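SUPPLEMENT TO INSTALLATION STEP 3b (editor's example, not part of the Snort Report distribution)

The statements below create a MySQL account that Snort Report can use to read the Snort database without being able to change it, which is the account whose name and password you would then put into srconf.php. Everything specific here is an assumption: the database is assumed to be named snort, the account snortreport, the web server and MySQL are assumed to share a host (so the account connects from localhost), the password is a placeholder, and event is the alert table as found in the Snort 1.8 MySQL schema (check the create_mysql script shipped with your Snort distribution if your table names differ). GRANT ... IDENTIFIED BY is accepted by MySQL 3.23, the version this release supports.

```sql
-- Editor's example, not Snort Report code. Run these as the MySQL root user.
-- Assumptions: database 'snort', account 'snortreport'@'localhost',
-- placeholder password, and 'event' as the alert table (Snort 1.8 schema).

-- Snort Report only reads alerts, so the account gets SELECT and nothing
-- else. The account Snort itself logs with keeps INSERT; the web front-end
-- gets a separate, read-only identity whose credentials sit in srconf.php.
GRANT SELECT ON snort.* TO 'snortreport'@'localhost'
    IDENTIFIED BY 'replace-with-a-long-random-password';

-- Sanity check, connected as snortreport: a read succeeds and returns one
-- row holding the number of alerts logged so far...
SELECT COUNT(*) FROM event;

-- ...while a write is refused with an access-denied error, which confirms
-- that a compromise of the reporting front-end cannot alter or delete the
-- alert record it displays.
DELETE FROM event WHERE cid = 1;
```

If Snort Report runs on a different machine from MySQL, replace localhost with that machine's address so the grant matches where the connection actually comes from.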