Re: Is snort-stat and 5snort really broken in sid?
On 12.09.2001 at 11:30:02, Andrew Pollock <firstname.lastname@example.org> wrote:
> Even if I run snort-stat manually on auth.log (after I've made snort start
> -s) it doesn't return anything when there are alerts in the log.
> Any suggestions appreciated, I'd like to get daily summary emails.
Well I popped off to www.snort.org and downloaded the latest snort_stat.pl, and
lo and behold, it works. I think the snort-stat included in snort-common
(1.8p1-1) doesn't match the version of snort (it's looking for different regular
expressions in the logs).