[Snort-users] No trace for corresponding alerts

niceshorts at ...131...
Thu Oct 4 11:55:04 EDT 2001


Sheahan, Paul (PCLN-NW) wrote:

>
>Hello,
>
>I'm using Snort 1.8.1 B78 on Red Hat Linux 7.0. I use the latest version of
>snort_stat.pl to generate reports for me every night at midnight. I then
>have the report emailed to me automatically.
>
>For every alert, there has ALWAYS been a corresponding trace in my trace
>file. This allows me to lookup details on alerts when needed. Ever since
>upgrading to Build 78 and the latest snort_stat (both upgraded around the
>same time), maybe 10% of the time, I find no corresponding trace for a given
>alert. Not sure if this is a bug in Build 78 or the latest snort_stat, but
>there is a DEFINITE problem. This worked flawlessly in the past. Has anyone
>else experienced this? 

    Post some example alerts. I've seen this problem often on
    win32 beta builds. There are some distinguishing features of
    these "phantom" alerts which I would like some correlation
    on. I don't use snort_stat so if you could cut and paste from
    alert.ids that would be great.

    -anthony kim
-- 
HTTP request sent, awaiting response... 404 Object Not Found
ERROR 404: Object Not Found.
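The check Anthony is asking for, alerts in alert.ids that have no matching packet in the trace, can be done mechanically before posting examples. The script below is an added example written for this archive page, not code from the thread or from the Snort project. It assumes the alert file is in Snort's "full" alert format and that the trace is Snort's ASCII packet log, whose per-packet header line uses the same "MM/DD-HH:MM:SS.uuuuuu src -> dst" form as the alert entry; the alert and trace text embedded here are constructed samples, not the original poster's data.

```python
import re

# Constructed sample alert.ids content in Snort "full" alert format (not from the thread).
ALERT_IDS = """\
[**] [1:469:1] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
10/04-11:55:04.123456 10.0.0.5 -> 10.0.0.7
ICMP TTL:64 TOS:0x0 ID:1234 IpLen:20 DgmLen:28
Type:8  Code:0  ID:0   Seq:0  ECHO

[**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
10/04-11:57:30.001000 192.0.2.10:4321 -> 10.0.0.7:80
TCP TTL:128 TOS:0x0 ID:5555 IpLen:20 DgmLen:120 DF
"""

# Constructed sample ASCII packet trace: only the first alert's packet was logged,
# so the second alert is a "phantom" with no trace entry.
TRACE = """\
10/04-11:55:04.123456 10.0.0.5 -> 10.0.0.7
ICMP TTL:64 TOS:0x0 ID:1234 IpLen:20 DgmLen:28
Type:8  Code:0  ID:0   Seq:0  ECHO
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
"""

# Packet header line shared by alert entries and ASCII packet logs (assumed format).
HEADER_RE = re.compile(
    r"^(\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d{6}) (\S+) -> (\S+)$", re.M)
SIG_RE = re.compile(r"^\[\*\*\] (.*) \[\*\*\]$")


def parse_alerts(text):
    """Return (signature, timestamp, src, dst) for each alert block in full-format text."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        sig = SIG_RE.match(lines[0])
        hdr = next((m for m in map(HEADER_RE.match, lines) if m), None)
        if sig and hdr:
            alerts.append((sig.group(1), hdr.group(1), hdr.group(2), hdr.group(3)))
    return alerts


def parse_trace_headers(text):
    """Return the set of (timestamp, src, dst) packet headers present in the trace."""
    return set(HEADER_RE.findall(text))


def alerts_without_trace(alert_text, trace_text):
    """Alerts whose (timestamp, src, dst) never appears as a logged packet header."""
    headers = parse_trace_headers(trace_text)
    return [a for a in parse_alerts(alert_text) if (a[1], a[2], a[3]) not in headers]


if __name__ == "__main__":
    # To run against real files: open alert.ids and the ASCII log and pass their text.
    for sig, ts, src, dst in alerts_without_trace(ALERT_IDS, TRACE):
        print(f"no trace for alert: {sig} at {ts} {src} -> {dst}")
```

Matching is on the exact timestamp plus addresses because Snort writes the alert and the logged packet from the same packet, so both carry the same microsecond timestamp; if a comparison shows a consistent pattern in the unmatched entries (same rule, same protocol, same ports), that is the kind of correlation the reply above asks for.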