Snort, being such a widely used project, has a variety of analysis products available. We will take a quick look at some of the most commonly used products and the features they provide. The IPCop logging system is not entirely adequate for most analysis, and it definitely cannot be used to provide reports, which are commonly required whenever there is an intrusion attempt. Many projects have been created to analyze and report on these logs. To use these tools, you may have to configure IPCop to log to a remote syslog server, or in some cases you can install an add-on to IPCop.
One of the easiest products to install and use for Snort log analysis is the excellent SnortALog. It offers some excellent features, the most useful being its report generation: you can have reports in ASCII, PDF, or HTML format, with images represented as GIF, PNG, or JPEG. This makes for excellent reporting as you can be provided with a variety of...