Copyright (C) 2003 CounterSnipe Technologies LLC

This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

INTRODUCTION

Snort reports is an application that will suck data from a Snort-compliant database (tested with schema version 106) and format nice PDF reports. It makes use of the reportlab Python modules (www.reportlab.com) to generate the PDFs. The product was originally developed to function as part of the CounterSnipe APD suite, but through the addition of a configuration file (/etc/snort-reports/snort-reports.conf) it can now function as a standalone report generator.

USE

Set the correct values in the config file /etc/snort-reports/snort-reports.conf and run the following command from the command line:

    snort-reports.py

If you don't set the output filename, the application will write the report to standard output.

INSTALLATION

The snort-reports application has been packaged both as a Debian package and as a Python zipped tar file. There are a number of modules that have to be installed before you can use the report. They are:

    MySQLdb
    reportlab

The Debian installation is as simple as doing a

    dpkg -i snort-reports

or, if you use apt,

    apt-get install snort-reports

The dependencies will make sure that the required packages are installed.

If you install from the tar file:

    tar -zxvf snort-reports.tar.gz
    python setup.py install

MODIFICATION

You can extend reportlabs to feed it your own data by extending/adding methods to the sql class. There are currently some limitations on what data you can feed it (no more than 4 columns wide), and you should look through the code to clarify how you should feed it the data.

PYTHON VERSIONS

The code currently will build with whatever Python version you have installed on your system, and the modules will be placed in the site-packages of that version of Python.

KNOWN BUGS

* A table cannot span more than 1 page and the code currently splits all tables at 35 lines into new tables.