Re: snort and big brother

["Sentinel Sentinel" <u-235-sentinel () eudoramail com>]

Been using BB for a couple of years myself and I love it.  Recently been using Snort and am interested in setting this 
up (eventually).

A wild guess here.  If the external script dies after running fine for a few minutes then check the BBOUT on Big 
Brother.  I'm curious why purple.  Also you might want to check the script itself.  It may be something the author 
intended to happen if an event was triggered.  Search for "COLOR=" and see.

Wish I could give you a better answer.  I haven't done this yet :-)



---
Sorry to post this here, but I couldnt get a response frp, the big brothe=
r archives

I am using snort and big brother.  I ahve downloaded a script called snor=
t2bb.pl which reads the snort alert log file, and passes the info into
big brother.  Everything is working, except, after a few hours, the colum=
n is showing up as purple (no update) in big brother.  I am calling the s=
cript out from
bb-bbexttab.  I am just wondering why it works for quite a while, and the=
n suddenly stops.

If anyone has any ideas, I would appreciate hearing them..

Thanks,
Taylor

Taylor Lewick
Unix System Administrator
Fortis Benefits
816 881 6073

"Help Wanted.  Seeking Telepath..."
"You Know where to apply."


Join 18 million Eudora users by signing up for a free Eudora Web-Mail account at http://www.eudoramail.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users