
Blank messages from root (sent by snort)

I keep getting blank messages sent from root ... I did a little digging
around and found out that these are sent by /etc/cron.daily/5snort.  I 
think this is Debian-specific, since it gets my e-mail address from 
/etc/snort/snort.debian.conf.  The variable is DEBIAN_SNORT_STATS_RCPT, 
and the script being run to generate statistics is /usr/sbin/snort-stat.

It seems that snort-stat ends up reading /var/log/auth.log.  However, the
reason the message is blank is because it determines that this is not a
snort log and therefore exits without doing anything (it would be nice if
it said that the reason it aborted was because it wasn't looking at a
snort log).

I upgraded from 1.7-9 to 1.8.4beta1-2. I noticed that the 5snort script 
now tests to see if the output file from snort-stat is empty before it 
decides to send.  This would make it so that messages don't get sent ... 
but does it fix the problem?  I noticed that snort-stat still thinks that 
auth.log isn't a snort log file.  Is this just because snort hasn't 
detected anything or is it perhaps using incorrect criteria to test 
whether it's a snort log?


