Hello all, I am using snort on Debian sarge. I am using 5snort to email daily reports on the snort alert file. Sometimes the report lists several events but does not give any details. Does anyone know how to set this to where it will report EVERY entry in the alert log? I figure it has something to do with a threshold setting somewhere but I cannot find it. I have posted this to the snort-users list but as always my relatively newbie questions are being ignored.
Below I have pasted a sample of one of the "no detail" emails.

Thanks,
-Jason

Events between 10 30 09:51:50 and 10 30 09:51:50
Total events: 1
Signatures recorded: 1
Source IP recorded: 1
Destination IP recorded: 1

Events from same host to same destination using same method
=========================================================================
# of from to method
=========================================================================

Percentage and number of events from a host to a destination
============================================================
% # of from to
============================================================

Percentage and number of events from one host to any with same method
==============================================================
% # of from method
==============================================================

Percentage and number of events to one certain host
=================================================================
% # of to method
=================================================================

The distribution of event methods
===============================================
% # of method
===============================================