I have snort and logcheck installed on a Debian 7 VM and was getting a lot of 
snort log entries in the logcheck emails. It turns out that there were some 
unescaped pipe characters in the snort rules file (been there since 2007) that 
would have just resulted in a global match for any log entry from snort were it 
not for the fact that there was also a pid included in the snort log entries. 
The output from snort also seems to bear little relation to what was apparently 
produced back in 2007.

So here is an updated rules file. It works with my version of snort, 2.9.3.1, 
which is from experimental, with the latest registered user rules. This is because 
oinkmaster seems unable to download rules for 2.9.2.2.

Enjoy.

Andrew

Attachment: snort
Description: snort

_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
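
Added example, not part of the original message or its attachment: a shell check for the failure described above, where an unescaped `|` in a logcheck ignore rule (an extended regex run through egrep) splits the rule into alternatives, one of which can match every snort line. The function names, rules and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the attachment): audit logcheck ignore rules,
# which are POSIX EREs run through egrep, for unescaped top-level '|'.

# Print "lineno:rule" for every rule in file $1 that has an unescaped '|'
# outside any (...) group and outside any [...] bracket expression.
find_top_level_pipes() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        depth = 0; inbr = 0; n = length($0)
        for (i = 1; i <= n; i++) {
            c = substr($0, i, 1)
            if (inbr) {
                if (substr($0, i, 2) == "[:") {          # class like [:alnum:]
                    j = index(substr($0, i + 2), ":]")
                    if (j) { i += j + 2; continue }
                }
                if (c == "]" && i > first) inbr = 0      # a leading "]" is literal
                continue
            }
            if (c == "\\") { i++; continue }             # escaped char, e.g. \|
            if (c == "[") {
                inbr = 1; first = i + 1
                if (substr($0, first, 1) == "^") first++
            } else if (c == "(") depth++
            else if (c == ")" && depth > 0) depth--
            else if (c == "|" && depth == 0) { print NR ":" $0; break }
        }
    }' "$1"
}

# Succeeds when rule $1 would make logcheck drop log line $2.
rule_ignores() { printf '%s\n' "$2" | grep -Eq -- "$1"; }

# Constructed sample data: HDR is the usual logcheck syslog prefix plus a PID.
HDR='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort\[[0-9]+\]: '
BAD="${HDR}| analyzed: [0-9]+ | dropped: [0-9]+\$"      # pipes meant literally
FIXED="${HDR}\\| analyzed: [0-9]+ \\| dropped: [0-9]+\$"
GROUPED="${HDR}flow \\((TCP|UDP)\\) closed\$"           # legitimate alternation
STATS='Mar  3 10:15:01 vm1 snort[2211]: | analyzed: 1500 | dropped: 0'
ALERT='Mar  3 10:15:02 vm1 snort[2211]: [1:1000001:1] constructed alert text'

for r in "$BAD" "$FIXED"; do
    if rule_ignores "$r" "$ALERT"; then echo "alert SILENCED by: $r"; fi
done
```

Running `find_top_level_pipes` over each file under the logcheck `ignore.d.*` directories lists the rules worth reviewing by hand; a hit is a candidate, since a top-level alternation can occasionally be intentional.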