
Re: Snort on Debian - no alerts? no reports?



On Mon, 2002-06-24 at 07:53, T. wrote:
> Hi,
> 
> Debian Unstable
> snort:
>   Installed: 1.8.6-3
>   Candidate: 1.8.6-3 
> 
> I have installed snort and I'm getting no email alerts, and the daily
> reports are blank.

The version of snort-stat that is packaged with that one is somewhat
messed up: The regular expressions that it uses for scanning the syslog
file (you are logging to auth.log, right?) don't match the format that
snort uses by default. There are more elegant solutions, I am sure, but
I just downloaded the latest snort-stat from www.snort.org and it works
flawlessly.

HTH
--j
