
Re: Snort Messages may not be Telling Me Much.



I'm having the same problem. From what I hear, a solution has something
to do with acidlab, but I'm not sure.

Martin McCormick wrote:
> 	I've got snort installed and running on Debian 3.0.  It runs
> fine but I never get anything in the report Emails that I receive
> each day.  The messages have a suspiciously empty look to them like a
> form that should be filled in but isn't.  I have run snort in the past
> in a fully-capturing mode and there are all kinds of the usual monkey
> business going on out there so I know that in 3 months, I should have
> seen something.  After 92 days, every single message looks like the
> following example:
> 
> (Message inbox:152)
> 
> 
> From:    root <root@systemname>
> 
> 
> Subject: [SNORT] systemname
>  daily report
> 
> The log begins from:   ::
> The log ends     at:   ::
> Total events: 0
> Signatures recorded: 0
> Source IP recorded: 0
> Destination IP recorded: 0
> 
> 
> The number of attacks from same host to same
> destination using same method
> =========================================================================
>   # of
>  attacks  from              to                method
> =========================================================================
> 
> 
> Percentage and number of attacks from a host to a
> destination
> ============================================================
>         #  of
>   %    attacks   from              to                
> ============================================================
> 
> 
> Percentage and number of attacks from one host to any
> with same method
> ==============================================================
>         #  of
>   %    attacks   from              method
> ==============================================================
> 
> 
> Percentage and number of attacks to one certain host 
> =================================================================
>         #  of
>   %    attacks   to                method
> =================================================================
> 
> 
> The distribution of attack methods
> ===============================================
>         #  of
>   %    attacks   method
> ===============================================
> 
> End of example ---------------------------------------------------
> 
> 	I installed snort by using dselect and it is looking for all
> the standard attack signatures that come with the distribution.  I
> certainly don't want trouble, but I think I am missing activity that
> is going on.  The network it is sniffing is the correct network for my
> installation and, in the past, I saw traffic when using that
> definition so I am not sure what is going on.
> 
> 	Any constructive ideas are welcome.
> 
> 	By the way, this particular message is not coming from
> the system in question.
> 
> Martin McCormick WB5AGZ  Stillwater, OK 
> OSU Information Technology Division Network Operations Group
> 
> 

-- 

David Mandelberg
mandelbergd@eth0.is-a-geek.org
