Is snort-stat and 5snort really broken in sid?
I've always had problems with 5snort killing snort daily when snort's running in
dialup mode (I fixed that by commenting out the restart line) but I'm not
getting anything in the daily notification emails either.
/etc/ppp/ip-up.d/snort doesn't start snort with -s, so nothing goes into
/var/log/auth.log, everything goes into /var/log/snort/alert
/etc/cron.daily/5snort doesn't read this particular file, it only looks at
Even if I run snort-stat manually on auth.log (after I've made snort start with
-s) it doesn't return anything when there are alerts in the log.
Any suggestions appreciated, I'd like to get daily summary emails.