Snort mailing list archives
Re: portscan2-ignore... ???
From: Michael D Schleif <mds () helices org>
Date: Mon, 18 Aug 2003 21:10:10 -0500
Erek Adams <erek () snort org> [2003:08:18:20:24:23-0400] scribed:
> On Mon, 18 Aug 2003, Michael D Schleif wrote:
>
> > Although, from [1] above, the scan is confirmed to be logged to
> > /var/log/snort/alert, it *DOES NOT* make it into my `daily report' ;<
> >
> > So, I am definitely re-confused.
> >
> > What is the intended behaviour for the scenario I describe? Should, or
> > should _not_, *all* events in /var/log/snort/alert show up in the
> > `daily report'?
> >
> > I am missing something, and would appreciate a clue . . .
>
> Snort does not have a functionality to give you a 'daily report', so what
> package are you using to generate your stats? If the data is in
> /var/log/snort/alert then Snort is working just fine. If it's not in the
> report, then I'd say it's a problem of the logparser/reader.

Sorry, I am using debian, and it contains:

/etc/cron.daily/5snort,

which in turn uses this:

/usr/sbin/snort-stat

-- only now, I realize that these are debian-specific.

Thank you, for your consideration . . .

--
Best Regards,

mds
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
--