Snort mailing list archives
modifying 5snort to add more detail to email
From: "Kretzer, Jason R (Big Sandy)" <jason.kretzer () kctcs edu>
Date: Wed, 9 Nov 2005 11:18:33 -0500
Hello all,

I am using snort on Debian sarge. Debian comes with a cron.daily script called 5snort. This log handles emailing a report on the snort alerts. Sometimes the report lists several events but does not give any details. Does anyone know how to set this to where it will report EVERY entry in the alert log? Below I have pasted a sample of one of the "no detail" emails.

Thanks,
-Jason

Events between 10 30 09:51:50 and 10 30 09:51:50
Total events: 1
Signatures recorded: 1
Source IP recorded: 1
Destination IP recorded: 1

Events from same host to same destination using same method
=========================================================================
  # of  from  to  method
=========================================================================

Percentage and number of events from a host to a destination
============================================================
  %  # of  from  to
============================================================

Percentage and number of events from one host to any with same method
==============================================================
  %  # of  from  method
==============================================================

Percentage and number of events to one certain host
=================================================================
  %  # of  to  method
=================================================================

The distribution of event methods
===============================================
  %  # of  method
===============================================