On 12.09.2001 at 11:30:02, Andrew Pollock <[EMAIL PROTECTED]> wrote:
> Even if I run snort-stat manually on auth.log (after I've made snort start with
> -s) it doesn't return anything when there are alerts in the log.
>
> Any suggestions appreciated, I'd like to get daily summary emails.

Well I popped off to www.snort.org and downloaded the latest snort_stat.pl, and lo and behold, it works. I think the snort-stat included in snort-common (1.8p1-1) doesn't match the version of snort (it's looking for different regular expressions in the logs).

Andrew