Snort on Debian - no alerts? no reports?

To: debian-user@lists.debian.org
Subject: Snort on Debian - no alerts? no reports?
From: T. <trucido@club88.co.nz>
Date: Mon, 24 Jun 2002 23:53:37 +1200
Message-id: <[🔎] 20020624235337.1d335d1c.trucido@club88.co.nz>

Hi,

Debian Unstable
snort:
  Installed: 1.8.6-3
  Candidate: 1.8.6-3 

I have installed snort and I'm getting no email alerts, and the daily
reports are blank.

Once a day I get an email report from snort which is basically blank,
here is the top part of it:

Subject: snort daily report

 The log begins from:   ::
 The log ends     at:   ::
 Total events: 0
 Signatures recorded: 0
 Source IP recorded: 0
 Destination IP recorded: 0

When I run snort manually using: 'snort -v -i ppp0' I can see the
traffic. I ssh to a remote box I have root privs on and run a nmap -sS
and can see my scan scolling up the screen. 

My question is why no emailed alerts? This is how I installed it:

apt-get install snort
, then I configured it (below is snort.debian.conf

 DEBIAN_SNORT_HOME_NET="10.0.0.0/24"
DEBIAN_SNORT_OPTIONS=" -i ppp0"
DEBIAN_SNORT_STATS_RCPT="alerts"
DEBIAN_SNORT_STATS_TRESHOLD="1"

snort is running.

Any help is appreciated.

regards,
T.



-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Snort on Debian - no alerts? no reports?
  - From: Juergen Fiedler <juergen@fiedlerfamily.net>

Prev by Date: Re: Help with install of Debian 2.2.r6
Next by Date: Re: Replacing kernel packages via apt + APT::Default-Release
Previous by thread: Re: ssh logging
Next by thread: Re: Snort on Debian - no alerts? no reports?
Index(es):
- Date
- Thread