[Snort-users] snort_stat.pl

Roeland Weve roeland at ...1415...
Thu Jun 14 08:43:25 EDT 2001


I am trying to use snort_stat.pl, but I can't get any output ...
The log begins from:   ::
The log ends     at:   ::
Total events: 1
Signatures recorded: 0
Source IP recorded: 0
Destination IP recorded: 0

Quite strange, because the alert file is pretty filled, i.e.:
[**] IDS177/netbios_netbios-name-query [**]
[Classification: information gathering attempt] [Priority: 8]
06/14-13:59:31.856830 194.134.249.78:137 -> 195.109.135.153:137
UDP TTL:119 TOS:0x0 ID:45851 IpLen:20 DgmLen:78
Len: 58
[Xref => http://www.whitehats.com/info/IDS177]

[**] IDS177/netbios_netbios-name-query [**]
[Classification: information gathering attempt] [Priority: 8]
06/14-13:59:31.870737 194.134.249.78:137 -> 195.109.135.153:137
UDP TTL:119 TOS:0x0 ID:46107 IpLen:20 DgmLen:78
Len: 58

Command I use:
cat /var/log/snort/alert | ./snort_stat.pl

Has anybody else seen this before?
Or does somebody know how to solve this?

Thanx,

	Roeland
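
Added example, not part of the original message and not snort_stat.pl's own code: a Python tally over the full-format alert records quoted above, computing the same counters that the summary header reports. The names parse_alerts and summarize, and the assumption that records are separated by blank lines, belong to this example only.

```python
import re
from collections import Counter
# Constructed sample: the two alert records quoted in the message above.
SAMPLE = """\
[**] IDS177/netbios_netbios-name-query [**]
[Classification: information gathering attempt] [Priority: 8]
06/14-13:59:31.856830 194.134.249.78:137 -> 195.109.135.153:137
UDP TTL:119 TOS:0x0 ID:45851 IpLen:20 DgmLen:78
Len: 58
[Xref => http://www.whitehats.com/info/IDS177]

[**] IDS177/netbios_netbios-name-query [**]
[Classification: information gathering attempt] [Priority: 8]
06/14-13:59:31.870737 194.134.249.78:137 -> 195.109.135.153:137
UDP TTL:119 TOS:0x0 ID:46107 IpLen:20 DgmLen:78
Len: 58
"""

SIG_RE = re.compile(r"^\[\*\*\]\s*(.+?)\s*\[\*\*\]\s*$")
# Timestamp, then src[:port] -> dst[:port]; the port is optional (e.g. ICMP).
PKT_RE = re.compile(
    r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+(\d+\.\d+\.\d+\.\d+)(?::\d+)?\s*$"
)

def parse_alerts(text):
    """Return one dict per record; records are blank-line-separated blocks."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        sig = pkt = None
        for line in block.splitlines():
            sig = sig or SIG_RE.match(line.strip())
            pkt = pkt or PKT_RE.match(line.strip())
        if sig and pkt:  # skip truncated or non-alert blocks
            events.append({"sig": sig.group(1), "time": pkt.group(1),
                           "src": pkt.group(2), "dst": pkt.group(3)})
    return events

def summarize(events):
    """Counters matching the summary header; times compare as strings (no year)."""
    times = [e["time"] for e in events]
    return {"begin": min(times, default=None), "end": max(times, default=None),
            "total": len(events),
            "signatures": Counter(e["sig"] for e in events),
            "sources": Counter(e["src"] for e in events),
            "destinations": Counter(e["dst"] for e in events)}

if __name__ == "__main__":
    print(summarize(parse_alerts(SAMPLE)))
```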



