I'm running Debian unstable and the snort-stat script does not do
reporting correctly.  All I receive is a blank e-mail in place of the
proper statistics it should create.

After a little bit of troubleshooting, I have made a change in the
script (diff follows below).  It seems my auth.log output is just a
little bit different than what snort-stat thinks.  Is anybody else
having this problem?

/usr/sbin/snort-stat is my modified version

--- ./snort-stat        Tue Jul 24 08:33:36 2001
+++ /usr/sbin/snort-stat        Tue Jul 24 08:33:47 2001
@@ -78,7 +78,7 @@
 
   # For snort log, added by $Author: yenming $
   # If this is a snort log
-  if (/^(\w{3})\s+(\d+)\s(\d+)\:(\d+)\:(\d+)\s([\w-]+)\ssnort\[\d+\]:\s+
+  if (/^(\w{3})\s+(\d+)\s(\d+)\:(\d+)\:(\d+)\s([\w]+)\ssnort\:\s+

        ([^:]+):\s([\d\.]+)[\:]*([\d]*)\s[\-\>]+\s([\d\.]+)[\:]*([\d]*)/ox)
     {
       $month  = $1; $day   = $2;  $hour  = $3; $minute = $4;
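
Review bot: the new pattern on the "+" line requires a bare "snort:" tag, so it no longer matches syslog lines that carry a PID ("snort[1234]:"), which the original expression handled. Making the PID optional, for example snort(?:\[\d+\])?\: in place of snort\: would accept both log formats instead of trading one for the other. The same line also narrows the hostname class from [\w-]+ to [\w]+, so hosts with a hyphen in their name stop matching; keeping [\w-]+ avoids that regression.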
