What version are you using??
Make sure the following line is in your snort.conf -- I think the Debian
equiv is snort-lib:
output alert_syslog: LOG_AUTH
--sjk
On 12 Sep, Andrew Pollock wrote:
> Hi,
>
> I've always had problems with 5snort killing snort daily when snort's running in
> dialup mode (I fixed that by commenting out the restart line) but I'm not
> getting anything in the daily notification emails either.
>
> /etc/ppp/ip-up.d/snort doesn't start snort with -s, so nothing goes into
> /var/log/auth.log, everything goes into /var/log/snort/alert
>
> /etc/cron.daily/5snort doesn't read this particular file, it only looks at
> auth.log
>
> Even if I run snort-stat manually on auth.log (after I've made snort start with
> -s) it doesn't return anything when there are alerts in the log.
>
> Any suggestions appreciated, I'd like to get daily summary emails.
>
> Andrew
>
>
--
-------- Aude Sepere -------
[EMAIL PROTECTED]
---- Audax et Cautus -------