Netgate Discussion Forum

Snort and MailReport

Category: IDS/IPS
1 Posts 1 Posters 1.8k Views
  • dales, Jan 10, 2018, 9:01 PM (last edited Jan 10, 2018, 10:05 PM)

    I'm using the mailreport package to give me a daily snort status update.  Sharing the commands in case others want them or have things to add that I missed.

    After setting up the mail report to run once per day, I added the following commands

    /usr/bin/uptime
    /bin/pgrep -l snort
    /usr/bin/tail /var/log/snort/*/alert
    /usr/bin/sed -n '/^Starting/{h;d;}; H;${x;p;}' /var/log/snort/snort_rules_update.log

    The first command shows the system uptime and load average.  The second prints the snort PID (so I know it's still running).  The third command prints any snort alerts that have occurred since the last time I cleared the alert logs.  The final command prints the results of the last rule update.

    Full output looks like this:

    Current report: Daily Report

    Command output: System Uptime (/usr/bin/uptime)
    x:xx AM  up 8 days, 14:38, 1 users, load averages: 0.10, 0.19, 0.17
    Command output: Snort PID (/bin/pgrep -l snort)
    84461 snort
    Command output: Snort Alerts (/usr/bin/tail /var/log/snort/*/alert)

    Command output: Snort Rules Updates (/usr/bin/sed -n '/^Starting/{h;d;}; H;${x;p;}' /var/log/snort/snort_rules_update.log)
    Starting rules update…  Time: 2018-01-10 xx:xx:xx
    Downloading Snort VRT rules md5 file snortrules-snapshot-2990.tar.gz.md5...
    Checking Snort VRT rules md5 file...
    There is a new set of Snort VRT rules posted.
    Downloading file 'snortrules-snapshot-2990.tar.gz'...
    Done downloading rules file.
    Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    Checking Emerging Threats Open rules md5 file...
    There is a new set of Emerging Threats Open rules posted.
    Downloading file 'emerging.rules.tar.gz'...
    Done downloading rules file.
    Extracting and installing Snort VRT rules...
    Using Snort VRT precompiled SO rules for FreeBSD-10-0 ...
    Installation of Snort VRT rules completed.
    Extracting and installing Emerging Threats Open rules...
    Installation of Emerging Threats Open rules completed.
    Copying new config and map files...
    Updating rules configuration for: LAN ...
    Restarting Snort to activate the new set of rules...
    Snort has restarted with your new set of rules.
    The Rules update has finished.  Time: 2018-01-10 xx:xx:xx

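The report above is assembled by the mailreport package from four independent commands. The script below is an added example, not part of the forum post or the pfSense package: it reproduces the same report as a plain POSIX shell script so each piece (the hold-space sed trick for the last rules-update run, a pass/fail check on that run, and an alert count across every interface directory) can be run and tested outside mailreport. The `$DEMO` directory, the directory names `snort_47214_em0` and `snort_58319_em1`, and every log line written into them are constructed sample data; on pfSense the real files are `/var/log/snort/snort_rules_update.log` and `/var/log/snort/snort_*/alert`.

```shell
#!/bin/sh
# Added example, not the pfSense mailreport package's own code. Paths under
# $DEMO and all log contents below are constructed sample data.

# Print only the most recent rules-update run: from the last line beginning
# with "Starting" through end of file. Same hold-space technique as the post's
# one-liner: each "Starting" line replaces the hold space (h) and is deleted
# (d); every other line is appended to it (H); on the last line ($) the hold
# space is swapped in (x) and printed (p).
last_update_block() {
    sed -n '/^Starting/{h;d;}; H;${x;p;}' "$1"
}

# Exit 0 only if the most recent run reached the "finished" line, so the
# report (or a cron job) can flag a download or Snort restart that died
# half way instead of silently showing a partial log.
update_finished() {
    last_update_block "$1" | grep -q '^The Rules update has finished'
}

# Count alert records across one or more Snort "alert" files (fast-alert
# format: one record per line containing "[**]"). Missing files count as 0.
count_alerts() {
    cat "$@" 2>/dev/null | awk '/\[\*\*\]/ { n++ } END { print n + 0 }'
}

# Assemble the report in the same order as the mailreport configuration.
# $1 is the Snort log directory (/var/log/snort on pfSense).
build_report() {
    logdir=$1
    echo "== System uptime =="
    uptime 2>/dev/null || echo "uptime unavailable"
    echo "== Snort process =="
    pgrep -l snort || echo "snort is NOT running"
    echo "== Snort alerts since last log clear: $(count_alerts "$logdir"/snort_*/alert) =="
    tail -n 20 "$logdir"/snort_*/alert 2>/dev/null || true
    echo "== Last rules update =="
    if update_finished "$logdir/snort_rules_update.log"; then
        echo "(completed)"
    else
        echo "(WARNING: last run did not reach 'The Rules update has finished')"
    fi
    last_update_block "$logdir/snort_rules_update.log"
}

# --- Constructed sample data so the script runs stand-alone ---
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT

# Two complete runs; only the second should appear in the report.
cat > "$DEMO/snort_rules_update.log" <<'EOF'
Starting rules update...  Time: 2018-01-09 05:00:01
Downloading Snort VRT rules md5 file snortrules-snapshot-2990.tar.gz.md5...
Checking Snort VRT rules md5 file...
The Rules update has finished.  Time: 2018-01-09 05:00:12
Starting rules update...  Time: 2018-01-10 05:00:01
Downloading Snort VRT rules md5 file snortrules-snapshot-2990.tar.gz.md5...
Checking Snort VRT rules md5 file...
There is a new set of Snort VRT rules posted.
Restarting Snort to activate the new set of rules...
The Rules update has finished.  Time: 2018-01-10 05:02:33
EOF

# A run that was cut off (e.g. download failed); update_finished must fail.
cat > "$DEMO/partial_update.log" <<'EOF'
Starting rules update...  Time: 2018-01-10 05:00:01
Downloading Snort VRT rules md5 file snortrules-snapshot-2990.tar.gz.md5...
EOF

# Constructed fast-format alerts on two interfaces (directory names made up).
mkdir -p "$DEMO/snort_47214_em0" "$DEMO/snort_58319_em1"
cat > "$DEMO/snort_47214_em0/alert" <<'EOF'
01/10-09:01:02.123456  [**] [1:1000001:1] Constructed sample alert one [**] [Priority: 3] {TCP} 192.0.2.10:50122 -> 203.0.113.5:80
01/10-09:07:44.654321  [**] [1:1000002:1] Constructed sample alert two [**] [Priority: 2] {UDP} 192.0.2.11:3478 -> 198.51.100.7:3478
EOF
cat > "$DEMO/snort_58319_em1/alert" <<'EOF'
01/10-11:15:00.000001  [**] [1:1000003:1] Constructed sample alert three [**] [Priority: 1] {ICMP} 198.51.100.9 -> 192.0.2.1
EOF

build_report "$DEMO"
```

Two caveats worth knowing when reusing the post's commands directly: `tail` with no `-n` shows only the last 10 lines of each matched alert file and prefixes each with a `==> file <==` header, so a busy interface can push older alerts out of the report; and the sed one-liner prints nothing at all if the log's final line is itself a `Starting` line, because `d` ends that cycle before the `$` block runs, which is why the script above checks for the finished line explicitly rather than trusting non-empty output.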
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.