On 12.09.2001 at 12:24:59, <[EMAIL PROTECTED]> wrote:

> What version are you using??

Version 1.8-RELEASE (Build 43)

> make sure the following line is in your snort.conf -- I think the debian
> equiv is snort-lib:
>
> output alert_syslog: LOG_AUTH

I've uncommented this line in my snort.conf. I'm guessing it's synonymous with the -s option, so I've stopped invoking snort from /etc/ip-up.d/snort with that flag.

It doesn't seem to log to /var/log/snort/alert any more but it is logging to /var/log/auth.log

The problem now would appear to be the log format has changed, but snort-stat hasn't changed since version 1.7

> --sjk
>
> On 12 Sep, Andrew Pollock wrote:
> > Hi,
> >
> > I've always had problems with 5snort killing snort daily when snort's running in
> > dialup mode (I fixed that by commenting out the restart line) but I'm not
> > getting anything in the daily notification emails either.
> >
> > /etc/ppp/ip-up.d/snort doesn't start snort with -s, so nothing goes into
> > /var/log/auth.log, everything goes into /var/log/snort/alert
> >
> > /etc/cron.daily/5snort doesn't read this particular file, it only looks at
> > auth.log
> >
> > Even if I run snort-stat manually on auth.log (after I've made snort start with
> > -s) it doesn't return anything when there are alerts in the log.
> >
> > Any suggestions appreciated, I'd like to get daily summary emails.
> >
> > Andrew
>
> --
> -------- Aude Sepere -------
> [EMAIL PROTECTED]
> ---- Audax et Cautus -------

