Skip to content

juhaj77/snort_log_view

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

67 Commits
client
client
 
 
screenshots
screenshots
 
 
server
server
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

snort_log_view

Colorized html table view for Snort alert, appid and performance monitor log. The Perf tab cleans out fields with zero values. The alert information generates the Wireshark filter from time data. The appid feature displays real-time data. The appid_listener is https://github.com/snort3/snort3_extra feature. Server reads the files:

/var/log/snort/alert_json.txt
/var/log/snort/appid.json
/var/log/snort/perf_monitor_base.csv

install

/snort_log_view/client$ npm install
/snort_log_view/server$ npm install

start

/snort_log_view/server$ export NODE_OPTIONS=--max-old-space-size=8192
/snort_log_view/server$ sudo npm start
/snort_log_view/client$ npm start

snort.lua:

perf_monitor = {}

alert_json =
{
    file = true,
    limit = 100,
    fields = 'timestamp iface src_addr src_port dst_addr dst_port proto action msg priority class sid dir dst_ap eth_dst eth_len eth_src eth_type gid icmp_code iface ip_id ip_len mpls pkt_gen pkt_len pkt_num rev rule seconds service src_ap target tcp_ack tcp_flags tcp_len tcp_seq tcp_win tos ttl udp_len vlan'
}
-- only timestamp, priority, rule, proto, src_ap, dst_ap, msg, class and seconds are mandatory

appid_listener =
{
    json_logging = true,
    file = "/var/log/snort/appid.json",
}

screenshots

The alert view shows the latest alerts
alert view
Appid view is updated with a socket connection.
appid view
The search tab has various search and arrangement features search view
search view
Performance monitor data in table perf monitor view

todo

Find a faster solution than read-last-lines.

About

GUI for Snort

Topics

react javascript express snort3

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages