
Re: Is snort-stat and 5snort really broken in sid?

What version are you using?
Make sure the following line is in your snort.conf -- I think the Debian
equiv is snort-lib:

output alert_syslog: LOG_AUTH


On 12 Sep, Andrew Pollock wrote:
> Hi,
> I've always had problems with 5snort killing snort daily when snort's running in
> dialup mode (I fixed that by commenting out the restart line) but I'm not
> getting anything in the daily notification emails either.
> /etc/ppp/ip-up.d/snort doesn't start snort with -s, so nothing goes into
> /var/log/auth.log, everything goes into /var/log/snort/alert
> /etc/cron.daily/5snort doesn't read this particular file, it only looks at
> auth.log
> Even if I run snort-stat manually on auth.log (after I've made snort start with
> -s) it doesn't return anything when there are alerts in the log.
> Any suggestions appreciated, I'd like to get daily summary emails.
> Andrew

-------- Aude Sepere -------
---- Audax et Cautus -------
