Snort mailing list archives

snort_stat.pl


From: Roeland Weve <roeland () office netland nl>
Date: Thu, 14 Jun 2001 14:43:25 +0200

I am trying to use snort_stat.pl, but I can't get any output ...
The log begins from:   ::
The log ends     at:   ::
Total events: 1
Signatures recorded: 0
Source IP recorded: 0
Destination IP recorded: 0

Quite strange, because the alert file is pretty filled, i.e.:
[**] IDS177/netbios_netbios-name-query [**]
[Classification: information gathering attempt] [Priority: 8]
06/14-13:59:31.856830 194.134.249.78:137 -> 195.109.135.153:137
UDP TTL:119 TOS:0x0 ID:45851 IpLen:20 DgmLen:78
Len: 58
[Xref => http://www.whitehats.com/info/IDS177]

[**] IDS177/netbios_netbios-name-query [**]
[Classification: information gathering attempt] [Priority: 8]
06/14-13:59:31.870737 194.134.249.78:137 -> 195.109.135.153:137
UDP TTL:119 TOS:0x0 ID:46107 IpLen:20 DgmLen:78
Len: 58

Command I use:
cat /var/log/snort/alert | ./snort_stat.pl

Has anybody else seen this before?
Or does somebody know how to solve this?

Thanx,

        Roeland
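
Added example, not part of the original post and not snort_stat.pl's own code: a small Python tally over alert blocks laid out like the ones quoted above, producing the same kind of counts as the summary header in the post. The names summarize and SAMPLE are hypothetical; the sample input is constructed from the two blocks in the post.

```python
import re
from collections import Counter

# Constructed sample: the two alert blocks quoted in the post.
SAMPLE = """\
[**] IDS177/netbios_netbios-name-query [**]
[Classification: information gathering attempt] [Priority: 8]
06/14-13:59:31.856830 194.134.249.78:137 -> 195.109.135.153:137
UDP TTL:119 TOS:0x0 ID:45851 IpLen:20 DgmLen:78
Len: 58
[Xref => http://www.whitehats.com/info/IDS177]

[**] IDS177/netbios_netbios-name-query [**]
[Classification: information gathering attempt] [Priority: 8]
06/14-13:59:31.870737 194.134.249.78:137 -> 195.109.135.153:137
UDP TTL:119 TOS:0x0 ID:46107 IpLen:20 DgmLen:78
Len: 58
"""

SIG_RE = re.compile(r"^\[\*\*\]\s*(.+?)\s*\[\*\*\]\s*$")
# Timestamp, source and destination; the port is optional (e.g. ICMP).
FLOW_RE = re.compile(
    r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+(\d+\.\d+\.\d+\.\d+)(?::\d+)?\s*$")

def summarize(text):
    """Count events, signatures, sources and destinations in alert blocks."""
    sigs, srcs, dsts, times = Counter(), Counter(), Counter(), []
    current = None  # signature of the block being read, if any
    for line in text.splitlines():
        m = SIG_RE.match(line)
        if m:
            current = m.group(1)  # a header with no flow line is dropped
            continue
        m = FLOW_RE.match(line)
        if m and current is not None:
            ts, src, dst = m.groups()
            sigs[current] += 1
            srcs[src] += 1
            dsts[dst] += 1
            times.append(ts)
            current = None  # count each block once
    return {"events": len(times), "signatures": dict(sigs), "sources": dict(srcs),
            "destinations": dict(dsts),
            "begins": times[0] if times else None, "ends": times[-1] if times else None}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```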
