[Snort-users] SNORT daily report

waldo kitty wkitty42 at ...14940...
Mon Jul 16 17:34:48 EDT 2012


On 7/16/2012 02:15, Jamie wrote:
> It's called something like snort-summary and you can find it being called in the /etc/cron.d directory I think.
>
> It just summarises /var/log/snort.alert - no particular magic.

interesting... i've never seen such in my pure/plain snort installations... i do 
have something that rotates the alert file each week and the sfportscan log 
monthly, though... what is used to generate that summary and where might it be 
found? it may be of some interest to my/our installations ;)

>
> Cheers,
>   Jamie
>
> Sent from a mobile device
>
>
> On 15 Jul 2012, at 23:31, Maneesh Patel <mnshptl32 at ...11827...> wrote:
>
>> I am running an apache2 server on Ubuntu 10.04 (with ssh also
>> running).  I recently installed snort.  I apologize for this
>> elementary question, but I am having trouble understanding the daily
>> report e-mailed by snort.  There are various lines such as
>>
>>   COMMUNITY SIP TCP/IP message flooding directed to SIP proxy
>>   (ftp_telnet) FTP traffic encrypted
>>
>> some to my IP address, some from it.  I would like to know what I
>> should be looking out for, which lines in the report are innocuous and
>> which might require some countermeasures.  The snort man page does not
>> shed light on this, as far as I can tell.  Can someone please direct
>> me to some documentation that clarifies the daily report?
>>
>> Maneesh
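For readers who, like waldo, do not have a snort-summary script on their box: the following is an added example written for this thread, not the snort-summary script Jamie mentions and not code from the Snort project. It does the "no particular magic" part itself: it parses lines in Snort's alert_fast output format (the format /var/log/snort.alert is assumed to be in; a timestamp without year is assumed), counts hits per signature and per priority, and splits them into inbound and outbound relative to your own address, which is the first thing to look at when the same message appears "some to my IP address, some from it". The sample log lines, the GID/SID values and all addresses in it are constructed for illustration.

```python
#!/usr/bin/env python3
"""Summarise a Snort alert_fast log by signature, priority and direction.

Added example for this thread, not the snort-summary script from the list
and not Snort project code. Assumes alert_fast output (timestamp without
year) and IPv4 addresses. Sample lines, GID/SID values and addresses are
constructed for illustration.
"""
import re
import sys
from collections import Counter

# One alert_fast line looks like:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] message [**] [Classification: ...]
#   [Priority: N] {PROTO} src[:port] -> dst[:port]
# Classification is optional (preprocessor alerts often omit it); ICMP has no ports.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample log; 192.0.2.10 plays the local apache/ssh host.
SAMPLE_ALERTS = """\
07/15-22:01:12.104533  [**] [1:1000001:2] COMMUNITY SIP TCP/IP message flooding directed to SIP proxy [**] [Classification: Attempted Denial of Service] [Priority: 2] {UDP} 203.0.113.7:5060 -> 192.0.2.10:5060
07/15-22:01:12.901201  [**] [1:1000001:2] COMMUNITY SIP TCP/IP message flooding directed to SIP proxy [**] [Classification: Attempted Denial of Service] [Priority: 2] {UDP} 203.0.113.7:5060 -> 192.0.2.10:5060
07/15-22:05:40.000877  [**] [125:1000002:1] (ftp_telnet) FTP traffic encrypted [**] [Priority: 3] {TCP} 192.0.2.10:41022 -> 198.51.100.4:21
07/15-22:09:03.552310  [**] [1:1000003:1] LOCAL ssh brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.9:51122 -> 192.0.2.10:22
this line is garbage and must be skipped
07/15-22:11:17.332000  [**] [1:1000004:1] LOCAL icmp echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.9 -> 192.0.2.10
"""


def parse_alert(line):
    """Return the fields of one alert_fast line as a dict, or None if it does not parse."""
    m = FAST_ALERT_RE.match(line.strip())
    if m is None:
        return None
    fields = m.groupdict()
    fields["prio"] = int(fields["prio"])  # Snort: priority 1 is the most severe
    return fields


def summarize(text, local_ip):
    """Count alerts by signature, priority, direction and remote peer."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        event = parse_alert(line)
        if event is None:
            skipped += 1  # counted, not silently dropped, so a format change is noticed
        else:
            events.append(event)
    return {
        "total": len(events),
        "skipped": skipped,
        "by_signature": Counter(e["msg"] for e in events),
        "by_priority": Counter(e["prio"] for e in events),
        "inbound": Counter(e["msg"] for e in events if e["dst"] == local_ip),
        "outbound": Counter(e["msg"] for e in events if e["src"] == local_ip),
        "remote_peers": Counter(e["src"] if e["src"] != local_ip else e["dst"] for e in events),
    }


def format_report(summary):
    """Render the summary as plain text, most severe priority first."""
    out = [f"alerts parsed: {summary['total']}  (unparseable lines: {summary['skipped']})", ""]
    out.append("by priority (1 = highest):")
    for prio, n in sorted(summary["by_priority"].items()):
        out.append(f"  priority {prio}: {n}")
    for title in ("inbound", "outbound"):
        out.append(f"\n{title} (by signature):")
        for msg, n in summary[title].most_common():
            out.append(f"  {n:5d}  {msg}")
    out.append("\nremote peers:")
    for ip, n in summary["remote_peers"].most_common(10):
        out.append(f"  {n:5d}  {ip}")
    return "\n".join(out)


if __name__ == "__main__":
    # Usage: snort_fast_summary.py <local_ip> [/var/log/snort.alert]; no args runs the sample.
    local_ip = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    if len(sys.argv) > 2:
        with open(sys.argv[2]) as fh:
            text = fh.read()
    else:
        text = SAMPLE_ALERTS
    print(format_report(summarize(text, local_ip)))
```

Run it against the real file with the host's own address as the first argument (`snort_fast_summary.py 192.0.2.10 /var/log/snort.alert`, address constructed). Two things in the output answer most of Maneesh's question without any extra documentation: the priority comes from the rule's classtype (1 is highest, so those lines deserve a look first), and a signature that fires only inbound from one remote peer, like the SIP flooding rule in the sample, reads very differently from one that fires outbound from your own host, like the encrypted-FTP preprocessor alert, which is usually your own admins using FTPS. Unparseable lines are counted so a change in Snort's output format shows up in the report instead of making alerts vanish.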




