Snort mailing list archives

Re: No trace for corresponding alerts


From: niceshorts () yahoo com
Date: Thu, 4 Oct 2001 13:53:37 -0500

Sheahan, Paul (PCLN-NW) wrote:


Hello,

I'm using Snort 1.8.1 B78 on Red Hat Linux 7.0. I use the latest version of
snort_stat.pl to generate reports for me every night at midnight. I then
have the report emailed to me automatically.

For every alert, there has ALWAYS been a corresponding trace in my trace
file. This allows me to look up details on alerts when needed. Ever since
upgrading to Build 78 and the latest snort_stat (both upgraded around the
same time), maybe 10% of the time, I find no corresponding trace for a given
alert. Not sure if this is a bug in Build 78 or the latest snort_stat, but
there is a DEFINITE problem. This worked flawlessly in the past. Has anyone
else experienced this? 

    Post some example alerts. I've seen this problem often on
    win32 beta builds. There are some distinguishing features of
    these "phantom" alerts which I would like some correlation
    on. I don't use snort_stat so if you could cut and paste from
    alert.ids that would be great.

    -anthony kim
-- 
HTTP request sent, awaiting response... 404 Object Not Found
ERROR 404: Object Not Found.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

