Package: snort Version: 2.9.15.1-5 Severity: normal Dear Maintainer,
On my Bullseye SysV system, snort runs the daily report from /etc/cron.daily/snort-common. But as the /etc/cron.daily/ dir is run in an alphabetic order, "logrotate" is run before "snort-common" which reduces the snort log file to size zero or almost zero, ending up in no report or a 1 second report. Solution: rename /etc/cron.daily/snort-common to /etc/cron.daily/00snort-common. Now /etc/cron.daily/snort-common is executed before logrotate. R. -- System Information: Debian Release: 11.0 APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: sysvinit (via /sbin/init) Versions of packages snort depends on: ii adduser 3.118 ii debconf [debconf-2.0] 1.5.77 ii init-system-helpers 1.60 ii libc6 2.31-13 pn libdaq2 <none> pn libdumbnet1 <none> ii liblzma5 5.2.5-2 pn libnetfilter-queue1 <none> ii libnghttp2-14 1.43.0-1 ii libpcap0.8 1.10.0-2 ii libpcre3 2:8.39-13 ii libssl1.1 1.1.1k-1 ii logrotate 3.18.0-2 ii lsb-base 11.1.0 ii net-tools 1.60+git20181103.0eebece-1 pn rsyslog | system-log-daemon <none> pn snort-common <none> pn snort-common-libraries <none> pn snort-rules-default <none> ii zlib1g 1:1.2.11.dfsg-2 Versions of packages snort recommends: ii iproute2 5.10.0-4 Versions of packages snort suggests: pn snort-doc <none>
