
modifying 5snort to add more detail to email report



Hello all,
 
I am using snort on Debian sarge.  I am using 5snort to email daily
reports on the snort alert file.  Sometimes the report lists several
events but does not give any details.  Does anyone know how to set this
to where it will report EVERY entry in the alert log?  I figure it has
something to do with a threshold setting somewhere but I cannot find it.
I have posted this to the snort-users list but as always my relatively
newbie questions are being ignored.

Below I have pasted a sample of one of the "no detail" emails.
 
Thanks,
 
-Jason
 
 
 
 
 
 
 Events between  10 30 09:51:50  and  10 30 09:51:50
Total events: 1
Signatures recorded: 1
Source IP recorded: 1
Destination IP recorded: 1


Events from same host to same destination using same method
=========================================================================
 # of  from             to               method
=========================================================================


Percentage and number of events from a host to a destination
============================================================
 %    # of  from             to
============================================================


Percentage and number of events from one host to any with same method
==============================================================
 %    # of  from             method
==============================================================


Percentage and number of events to one certain host
=================================================================
 %    # of  to               method
=================================================================


The distribution of event methods
===============================================
 %    # of  method
===============================================
 
 


