Re: snort-stat not reporting

To: Isetro Savi <isetro@sevicron.com>
Cc: debian-user@lists.debian.org
Subject: Re: snort-stat not reporting
From: Sebastiaan <S.Breedveld@ITS.TUDelft.NL>
Date: Mon, 30 Jul 2001 10:39:07 +0200 (METDST)
Message-id: <[🔎] Pine.HPP.3.95.1010730103749.29768B-100000@elektron.its.tudelft.nl>
In-reply-to: <[🔎] 20010725002221.A30559@sevicron.com>

Hello,

On Wed, 25 Jul 2001, Isetro Savi wrote:

> I'm running Debian unstable and the snort-stat script does not do
> reporting correctly.  All I receive is a blank e-mail in place of the
> proper statistics it should create.
I run testing and I have the same problem. I thought that there was
nothing to report. 

Thanks for the patch!
Greetz,
Sebastiaan


> 
> After a little bit of troubleshooting, I have made a change in the
> script (diff follows below).  It seems my auth.log output is just a
> little bit different than what snort-stat thinks.  Is anybody else
> having this problem?
> 
> /usr/sbin/snort-stat is my modified version
> 
> --- ./snort-stat        Tue Jul 24 08:33:36 2001
> +++ /usr/sbin/snort-stat        Tue Jul 24 08:33:47 2001
> @@ -78,7 +78,7 @@
>  
>    # For snort log, added by $Author: yenming $
>    # If this is a snort log
> -  if (/^(\w{3})\s+(\d+)\s(\d+)\:(\d+)\:(\d+)\s([\w-]+)\ssnort\[\d+\]:\s+
> +  if (/^(\w{3})\s+(\d+)\s(\d+)\:(\d+)\:(\d+)\s([\w]+)\ssnort\:\s+
> 
> 	([^:]+):\s([\d\.]+)[\:]*([\d]*)\s[\-\>]+\s([\d\.]+)[\:]*([\d]*)/ox)
>      {
>        $month  = $1; $day   = $2;  $hour  = $3; $minute = $4;
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

Reply to:

References:
- snort-stat not reporting
  - From: Isetro Savi <isetro@sevicron.com>

Prev by Date: scsi0: Spurious SCSI interrupt
Next by Date: Re: Autoconf bugs?
Previous by thread: Re: snort-stat not reporting
Next by thread: Cant install debian???
Index(es):
- Date
- Thread