What version are you using?? make sure the following line is in your snort.conf -- I think the debian equiv is snort-lib:
output alert_syslog: LOG_AUTH --sjk On 12 Sep, Andrew Pollock wrote: > Hi, > > I've always had problems with 5snort killing snort daily when snort's running > in > dialup mode (I fixed that by commenting out the restart line) but I'm not > getting anything in the daily notification emails either. > > /etc/ppp/ip-up.d/snort doesn't start snort with -s, so nothing goes into > /var/log/auth.log, everything goes into /var/log/snort/alert > > /etc/cron.daily/5snort doesn't read this particular file, it only looks at > auth.log > > Even if I run snort-stat manually on auth.log (after I've made snort start > with > -s) it doesn't return anything when there are alerts in the log. > > Any suggestions appreciated, I'd like to get daily summary emails. > > Andrew > > -- -------- Aude Sepere ------- [EMAIL PROTECTED] ---- Audax et Cautus -------
