Running Snortsnarf Automatically

Problem

You want your Snortsnarf web pages to update automatically.

Solution

Move the Snortsnarf files to the appropriate location within your PATH as follows:

[root@localhost root]# cp /root/SnortSnarf-021111.1/include/* /usr/lib/perl5/site_perl/5.8.0 [root@localhost root]# cp /root/SnortSnarf-021111.1/include/ SnortSnarf/* /usr/lib/perl5/site_perl/5.8.0 [root@localhost root]# cp /root/SnortSnarf-021111.1/snortsnarf.pl /etc

Edit the crontab by using the following command:

[root@localhost root]# crontab -e

Add the following entry to run Snortsnarf every 10 minutes and refresh the browser every 5 minutes:

*/10 * * * * /etc/snortsnarf.pl -d /var/log/www/snortsnarf -refresh=300 /var/log/snort/alert

Discussion

It can be a tedious task to run the Snortsnarf command manually each time you want to look at your data. Creating the Snortsnarf cron job entry is an easy way to have Snortsnarf executed on a regular basis and have the browser refresh automatically, too. This way, you could have the browser open in your network operations center and be quickly alerted to new events.

See Also

Recipe 5.4

Cron manpage