Snort on Debian - no alerts? no reports?
Hi,

Debian Unstable

snort:
  Installed: 1.8.6-3
  Candidate: 1.8.6-3

I have installed snort and I'm getting no email alerts, and the daily reports are blank.

Once a day I get an email report from snort which is basically blank, here is the top part of it:

  Subject: snort daily report

  The log begins from: ::
  The log ends at: ::
  Total events: 0
  Signatures recorded: 0
  Source IP recorded: 0
  Destination IP recorded: 0

When I run snort manually using 'snort -v -i ppp0' I can see the traffic. I ssh to a remote box I have root privs on and run a nmap -sS and can see my scan scrolling up the screen.

My question is why no emailed alerts?

This is how I installed it: apt-get install snort, then I configured it (below is snort.debian.conf):

  DEBIAN_SNORT_HOME_NET=10.0.0.0/24
  DEBIAN_SNORT_OPTIONS= -i ppp0
  DEBIAN_SNORT_STATS_RCPT=alerts
  DEBIAN_SNORT_STATS_TRESHOLD=1

snort is running.

Any help is appreciated.

regards,
T.
Re: Snort on Debian - no alerts? no reports?
On Mon, 2002-06-24 at 07:53, T. wrote:
> Hi,
>
> Debian Unstable
>
> snort:
>   Installed: 1.8.6-3
>   Candidate: 1.8.6-3
>
> I have installed snort and I'm getting no email alerts, and the daily
> reports are blank.

The version of snort-stat that is packaged with that one is somewhat messed up: The regular expressions that it uses for scanning the syslog file (you are logging to auth.log, right?) don't match the format that snort uses by default.

There are more elegant solutions, I am sure, but I just downloaded the latest snort-stat from www.snort.org and it works flawlessly.

HTH
--j
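
Added example, not part of the original thread and not snort-stat's own code: a small Python check that shows how a report parser whose regular expression does not fit the alert layout in syslog produces the blank summary quoted in the first message, and how to tell that case apart from "no alerts were logged at all". The log lines are constructed, and both patterns (`LEGACY`, `TAGGED`) are hypothetical stand-ins for an older and a newer alert layout.

```python
import re

# Constructed syslog lines (not from the thread). The tagged alert layout with
# [gid:sid:rev], classification and priority is an assumption for illustration.
SAMPLE_LOG = """\
Jun 24 07:50:01 gw pppd[412]: rcvd [LCP EchoReq id=0x1]
Jun 24 07:53:12 gw snort: [1:628:1] SCAN nmap TCP [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 192.0.2.7:40000 -> 10.0.0.1:22
Jun 24 07:53:13 gw snort: [1:469:1] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 192.0.2.7 -> 10.0.0.1
"""

HEAD = r"^(?P<ts>\w{3}\s+\d+ [\d:]+) \S+ snort(?:\[\d+\])?: "
TAIL = r"(?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?$"
# Hypothetical parser pattern for an untagged "message: src -> dst" layout.
LEGACY = re.compile(HEAD + r"(?P<msg>[^\[\]{}]+): " + TAIL)
# Hypothetical parser pattern for the tagged layout used in SAMPLE_LOG.
TAGGED = re.compile(HEAD + r"\[\d+:\d+:\d+\] (?P<msg>.+?) "
                    r"\[Classification: [^\]]+\] \[Priority: \d+\]: \{\w+\} " + TAIL)
SNORT_TAG = re.compile(r" snort(?:\[\d+\])?: ")


def summarize(log_text, pattern):
    """Build the same counters the daily report prints, using one pattern."""
    lines = log_text.splitlines()
    hits = [m for m in map(pattern.match, lines) if m]
    return {
        "snort_lines": sum(1 for line in lines if SNORT_TAG.search(line)),
        "events": len(hits),
        "begins": hits[0]["ts"] if hits else "",
        "ends": hits[-1]["ts"] if hits else "",
        "signatures": len({m["msg"] for m in hits}),
        "sources": len({m["src"] for m in hits}),
        "destinations": len({m["dst"] for m in hits}),
    }


def diagnose(summary):
    """Separate 'nothing logged here' from 'logged, but the parser missed it'."""
    if summary["snort_lines"] == 0:
        return "no snort lines: wrong log file, or alerts are not going to syslog"
    if summary["events"] == 0:
        return "snort lines present but none parsed: report parser/format mismatch"
    return "ok"


if __name__ == "__main__":
    for name, pattern in (("legacy", LEGACY), ("tagged", TAGGED)):
        result = summarize(SAMPLE_LOG, pattern)
        print(name, result, "->", diagnose(result))
```

With the mismatched pattern the begin and end timestamps stay empty and every counter is zero even though two alert lines are in the log, which is the shape of the blank report above.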