Re: snort

To: debian-user@lists.debian.org
Subject: Re: snort
From: "Nejc Novak" <nejc.novak@soncek.biz>
Date: Mon, 8 Mar 2004 14:03:47 +0100 (CET)
Message-id: <[🔎] 63651.193.2.146.2.1078751027.squirrel@webmail.soncek.biz>
In-reply-to: <[🔎] 200403081333.08861.Joost.DeCock@astrid.be>
References: <[🔎] 62776.193.2.146.2.1078748848.squirrel@webmail.soncek.biz> <[🔎] 200403081333.08861.Joost.DeCock@astrid.be>

Hi!

I've figured out the problem. There is a script in cron.daily called
5snort and it searches /var/log/auth.log for snort reports, not
/var/log/snort/sth. Therefore you need to have snort configured to send
alert messages also to syslog. You have to edit /etc/init.d/snort and add
an '-s' option into it. And now it works.

Is this a bug? I haven't noticied anything about that in stable package's
documentation.


<quote who="Joost De Cock">
> On Monday 08 March 2004 13:27, Nejc Novak shoved this in my mailbox:
>> Hi!
>> I have installed snort on debian stable. Snort sends me e-mail report, but
>> it is empty. I believe it has sth to do with logrotate, but i don't
know
>> how to fix it. Help please.
>
> Check in your crontab what is sending you the email (probably
> in /etc/cron.daily).
> Once you find out you can run the script manually and see what goes
wrong.

Reply to:

References:
- snort
  - From: "Nejc Novak" <amadeus@soncek.biz>
- Re: snort
  - From: Joost De Cock <Joost.DeCock@astrid.be>

Prev by Date: Upgrading
Next by Date: Sent Spam
Previous by thread: Re: snort
Next by thread: Ethernet troubles
Index(es):
- Date
- Thread