Snort mailing list archives
RE: snort_stat.pl
From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Mon, 20 Jan 2003 15:22:38 -0500
FYI After further investigation, I found my custom rules were missing the classtype tag. Snort still works without these tags though if this tag is missing in the rules, then alerts get logged differently and when you run snort_stat, it comes out screwed up. Problem solved...thanks for the help. -----Original Message----- From: Lodin, Steven {DI~Basel} [mailto:STEVEN.LODIN () Roche COM] Sent: Saturday, January 18, 2003 7:51 AM To: Sheahan, Paul (PCLN-NW) Subject: RE: [Snort-users] snort_stat.pl Paul, What is wrong with the existing snort_stat.pl? I'm pretty sure I have the same version running with 1.8.7 and 1.9.0. Here is the output of snort_stat.pl on my home network running with 1.9.0: http://157.161.55.59:8/snort.html Let me know if you want the script I'm using. I doubt I've modified it though.
Does anyone know if a updated version of snort_stat.pl has been released that works well with Snort 1.9?
Steve Lodin, CISSP Roche Diagnostics Head of Global IT Security Office +41-61-688-4738 Mobile +41-79-770-9717 ------------------------------------------------------- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort_stat.pl Sheahan, Paul (PCLN-NW) (Jan 17)
- <Possible follow-ups>
- RE: snort_stat.pl Sheahan, Paul (PCLN-NW) (Jan 20)