OSEC

From: Omolayo Salako (OSalakocorp.goamerica.net)
Date: Mon Jun 03 2002 - 10:33:35 CDT


     
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I am trying to write a BPF filter and I get this error message. I am
    doing it as root. Any pointers?

     snort -i eth4 not dst net 10.x.x.0/24 ip proto icmp
    Log directory = /var/log/snort

    Initializing Network Interface eth4
    WARNING: OpenPcap() device eth4 network lookup:
            SIOCGIFADDR: eth4: Cannot assign requested address
    ERROR: OpenPcap() FSM compilation failed:
            parse error
    PCAP command: not dst net 10.x.x.0/24 ip proto icmp
    Fatal Error, Quitting..

    - -----Original Message-----
    From: matt [mailto:mkettlerevi-inc.com]
    Sent: Saturday, June 01, 2002 2:35 PM
    To: JEFF Collins; snort-userslists.sourceforge.net
    Subject: Re: [Snort-users] Email alert and porscan.log on a daily
    basis

    Personally, I have a small script in my daily cron that emails me the
    logfiles and then rotates them.

    My script is quick, dirty, and might not work for you, but the basic
    crux of the script is below (and yes, I've modified my email address
    to an invalid one in case someone is foolish enough to not change it
    :)
    - -----------------------------

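    SNORTLOGS=/var/log/snort

    # Mail the current alert and portscan logs (replace the recipient address).
    mail -s "Snort: Alerts" mkettler_snortevi-inc.com < "${SNORTLOGS}/alert"
    mail -s "Snort: Portscans Summary" mkettler_snortevi-inc.com < "${SNORTLOGS}/log"

    # Rotate alert -> alert.1 -> alert.2; rm -f does not fail if alert.2 is absent.
    rm -f "${SNORTLOGS}/alert.2"
    mv "${SNORTLOGS}/alert.1" "${SNORTLOGS}/alert.2"
    mv "${SNORTLOGS}/alert" "${SNORTLOGS}/alert.1"

    # Rotate log -> log.1 -> log.2 the same way.
    rm -f "${SNORTLOGS}/log.2"
    mv "${SNORTLOGS}/log.1" "${SNORTLOGS}/log.2"
    mv "${SNORTLOGS}/log" "${SNORTLOGS}/log.1"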

    At 03:52 PM 5/31/2002 -1000, JEFF Collins wrote:
    >I would like to setup SNORT to email the alert and portscan
    >information for each day, on a daily basis to multiple recipients.
    >Does anyone have recommendations on a good way to go about doing
    >this?
    >
    >Thanks,
    >
    >Jeff

    _______________________________________________________________

    Don't miss the 2002 Sprint PCS Application Developer's Conference
    August 25-28 in Las Vegas --
    http://devcon.sprintpcs.com/adp/index.cfm

    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users

    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

    iQA/AwUBPPucQDZTx2DAOjqrEQJQUQCgh2rLpNnZMvEvWYTyBBTdg9sw2QIAnjYk
    XDjgjH/Dx/ifP2pJG1Fk1287
    =wJrg
    -----END PGP SIGNATURE-----
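
A sturdier take on the mail-then-rotate job quoted above, added here as an example and not taken from the thread: it accepts several recipients (as the original question asked), skips empty logs, and rotates a file only after the mail command succeeds. `SNORTLOGS` and the `alert`/`log` file names follow the quoted script; `KEEP`, `MAILER` and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the thread's script. SNORTLOGS and the alert/log file
# names follow the quoted script; KEEP, MAILER and the function names are
# assumptions made for this example.
SNORTLOGS=${SNORTLOGS:-/var/log/snort}
KEEP=${KEEP:-2}          # rotated generations to retain: FILE.1 .. FILE.$KEEP
MAILER=${MAILER:-mail}   # command invoked as: $MAILER -s SUBJECT RCPT... < FILE

# rotate_log FILE: drop FILE.$KEEP, shift FILE.n to FILE.n+1, move FILE to
# FILE.1, then recreate FILE empty and readable by its owner only.
rotate_log() {
    rm -f "$1.$KEEP"
    n=$KEEP
    while [ "$n" -gt 1 ]; do
        prev=$((n - 1))
        if [ -e "$1.$prev" ]; then mv "$1.$prev" "$1.$n"; fi
        n=$prev
    done
    mv "$1" "$1.1"
    ( umask 077; : > "$1" )
}

# report_and_rotate RCPT...: mail each non-empty log to every recipient and
# rotate it only if the mailer reported success, so an undelivered log is
# never aged out. Returns non-zero if any mail attempt failed.
report_and_rotate() {
    rc=0
    for pair in "alert:Snort: Alerts" "log:Snort: Portscans Summary"; do
        f=$SNORTLOGS/${pair%%:*}
        [ -s "$f" ] || continue          # missing or empty: nothing to send
        if "$MAILER" -s "${pair#*:}" "$@" < "$f"; then
            rotate_log "$f"
        else
            echo "mail failed; $f left in place" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Run from cron as: this-script rcpt1 rcpt2 ...
if [ "$#" -gt 0 ]; then report_and_rotate "$@"; fi
```

A process that keeps its log file open goes on writing to the renamed file until it reopens its logs, so the daemon normally has to be signalled or restarted after rotation; that step is not shown here.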
