RE: snort_stat.pl

["Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>]

FYI

After further investigation, I found my custom rules were missing the
classtype tag. Snort still works without these tags though if this tag is
missing in the rules, then alerts get logged differently and when you run
snort_stat, it comes out screwed up. 

Problem solved...thanks for the help.


-----Original Message-----
From: Lodin, Steven {DI~Basel} [mailto:STEVEN.LODIN () Roche COM]
Sent: Saturday, January 18, 2003 7:51 AM
To: Sheahan, Paul (PCLN-NW)
Subject: RE: [Snort-users] snort_stat.pl


Paul,

What is wrong with the existing snort_stat.pl?  I'm pretty sure I have
the same version running with 1.8.7 and 1.9.0.

Here is the output of snort_stat.pl on my home network running with
1.9.0:

http://157.161.55.59:8/snort.html

Let me know if you want the script I'm using.  I doubt I've modified it
though.

> Does anyone know if a updated version of snort_stat.pl has 
> been released that works well with Snort 1.9?

Steve Lodin, CISSP
Roche Diagnostics
Head of Global IT Security
Office +41-61-688-4738
Mobile +41-79-770-9717


-------------------------------------------------------
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your  SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users