[Snort-users] Snort_Stat.pl and Full Alerts

Erek Adams erek at ...577...
Tue Jun 5 14:13:58 EDT 2001


I've got to stop working...  I can't keep up with all the new
features/revisions!  ;-)


Ok, for the real issue....  I'm running 1.7b8 in production and I really
would like to move to a nice stable 1.8b?? version.  We're currently using
Snort_Stat.pl to give mgmt a nice little who did what report.

In trying to improve speed, we're ditching our syslogging.  I grabbed the
newest copy of Snort_Stat.pl (1.6.6.1) and tried to point it at alert.full,
but it does not seem to like it at all.

Does anyone use it with the FULL output format?  If so, what magic did you
work on it?  If not, I'll be hacking into it later.  :)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net




