[Snort-users] UDP and ICMP logs not linked?

James Hoagland hoagland at ...47...
Wed Feb 6 10:54:05 EST 2002


At 11:32 PM -0800 2/5/02, David Bellizzi wrote:
>TCP alerts have links to the snort packet logs in the report but UDP 
>and ICMP alerts do not.  Did I miss something?
>
>I use the following command to generate the report.
>
>/usr/local/bin/snortsnarf.pl -dns \
>                             -d /export/htdocs/reports/snort/snortsnarf/current \
>                             -ldir /var/log/snort \
>                             -homenet X.X.X.X/30 \
>                             -rulesdir /usr/local/etc \
>                             -rulesfile /usr/local/etc/snort.conf \
>                             -refresh=60 \
>                             /var/log/messages

David,

What version of SnortSnarf are you using?  And can I see a couple of 
examples of the alerts that don't have links (you can change the IPs 
mentioned for posting)?

-- Jim

P.S. Also check out the SnortSnarf-users list.
-- 
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland at ...47..., http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|



