Re: Is snort-stat and 5snort really broken in sid?

To: <debian-security@lists.debian.org>
Subject: Re: Is snort-stat and 5snort really broken in sid?
From: Andrew Pollock <andrew@andrew.net.au>
Date: Thu, 13 Sep 2001 09:42:35 +1000
Message-id: <[🔎] 200109122342.f8CNgZDA024005@daedalus.andrew.net.au>
In-reply-to: <[🔎] 200109120128.f8C1SSsx027284@daedalus.andrew.net.au>
References: <[🔎] 200109120128.f8C1SSsx027284@daedalus.andrew.net.au>

On 12.09.2001 at 11:30:02, Andrew Pollock <andrew@andrew.net.au> wrote:

> Even if I run snort-stat manually on auth.log (after I've made snort start
with
> -s) it doesn't return anything when there are alerts in the log.
> 
> Any suggestions appreciated, I'd like to get daily summary emails.

Well I popped off to www.snort.org and downloaded the latest snort_stat.pl, and
lo and behold, it works. I think the snort-stat included in snort-common
(1.8p1-1) doesn't match the version of snort (it's looking for different regular
expressions in the logs).

Andrew

Reply to:

References:
- Is snort-stat and 5snort really broken in sid?
  - From: Andrew Pollock <andrew@andrew.net.au>

Prev by Date: exim + procmail = segmenatation fault
Next by Date: Re: SSH install in Woody
Previous by thread: Re: Is snort-stat and 5snort really broken in sid?
Next by thread: enscript -e option a security risk?
Index(es):
- Date
- Thread