Snort mailing list archives
Re: No trace for corresponding alerts
From: niceshorts () yahoo com
Date: Thu, 4 Oct 2001 13:53:37 -0500
Sheahan, Paul (PCLN-NW) wrote:
Hello, I'm using Snort 1.8.1 B78 on Red Hat Linux 7.0. I use the latest version of snort_stat.pl to generate reports for me every night at midnight. I then have the report emailed to me automatically. For every alert, there has ALWAYS been a corresponding trace in my trace file. This allows me to look up details on alerts when needed. Ever since upgrading to Build 78 and the latest snort_stat (both upgraded around the same time), maybe 10% of the time, I find no corresponding trace for a given alert. Not sure if this is a bug in Build 78 or the latest snort_stat, but there is a DEFINITE problem. This worked flawlessly in the past. Has anyone else experienced this?
Post some example alerts. I've seen this problem often on win32 beta builds. There are some distinguishing features of these "phantom" alerts which I would like some correlation on. I don't use snort_stat so if you could cut and paste from alert.ids that would be great.
-anthony kim
--
HTTP request sent, awaiting response... 404 Object Not Found
ERROR 404: Object Not Found.