Blank messages from root (sent by snort)
I keep getting blank messages sent from root ... I did a little digging
around and found out that these are sent by /etc/cron.daily/5snort. I
think this is Debian-specific, since it gets my e-mail address from
/etc/snort/snort.debian.conf. The variable is DEBIAN_SNORT_STATS_RCPT,
and the script being run to generate statistics is /usr/sbin/snort-stat.
It seems that snort-stat ends up reading /var/log/auth.log. However, the
reason the message is blank is because it determines that this is not a
snort log and therefore exits without doing anything (it would be nice if
it said that the reason it aborted was because it wasn't looking at a
snort log).
I upgraded from 1.7-9 to 1.8.4beta1-2. I noticed that the 5snort script
now tests to see if the output file from snort-stat is empty before it
decides to send. This would make it so that messages don't get sent ...
but does it fix the problem? I noticed that snort-stat still thinks that
auth.log isn't a snort log file. Is this just because snort hasn't
detected anything or is it perhaps using incorrect criteria to test
whether it's a snort log?
Thanks!
Jen