[Snort-users] snort_stat.pl

Sheahan, Paul (PCLN-NW) Paul.Sheahan at ...2218...
Mon Jan 20 12:23:22 EST 2003


FYI

After further investigation, I found my custom rules were missing the
classtype tag. Snort still works without these tags though if this tag is
missing in the rules, then alerts get logged differently and when you run
snort_stat, it comes out screwed up. 

Problem solved...thanks for the help.


-----Original Message-----
From: Lodin, Steven {DI~Basel} [mailto:STEVEN.LODIN at ...2526...]
Sent: Saturday, January 18, 2003 7:51 AM
To: Sheahan, Paul (PCLN-NW)
Subject: RE: [Snort-users] snort_stat.pl


Paul,

What is wrong with the existing snort_stat.pl?  I'm pretty sure I have
the same version running with 1.8.7 and 1.9.0.

Here is the output of snort_stat.pl on my home network running with
1.9.0:

http://157.161.55.59:8/snort.html

Let me know if you want the script I'm using.  I doubt I've modified it
though.

> Does anyone know if a updated version of snort_stat.pl has 
> been released that works well with Snort 1.9?
> 

Steve Lodin, CISSP
Roche Diagnostics
Head of Global IT Security
Office +41-61-688-4738
Mobile +41-79-770-9717




More information about the Snort-users mailing list