Snort mailing list archives

AW: (Snort-users) Feature Request


From: <sandro.poppi () wacker com>
Date: Mon, 24 Sep 2001 15:42:00 +0200

Hi *

I'm testing Snort as a NIDS and I was quite happy until I realized
that Snort is far away from automation. As you might imagine,
you won't look at the logs the whole day and run an SQL query
against a MySQL DB every minute.

Features to be requested
- Script startup at a definite level
  I would like to have the following options:
  Priority == 3 -> start /usr/snort/scripts/myPrio3Script
  Priority >= 6 -> start /usr/snort/Scripts/emailalert xyz () aaa bbb ccc ddd
  Priority >= 9 -> start /usr/snort/scripts/emailalert SecurityStaff

emailalert: should inform a special user or a group that you are
under attack, with some information: SourceIP, DestinationIP, type of
attack and priority of this event.

This part could be done via swatch. Take a look at the swatch section of
http://www.lug-burghausen.org/projects/index.html#snort-stat.

[snip]

Ciao,
Sandro
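
The priority-to-script mapping requested above, sketched as the dispatch step of a log watcher; this is an added example, not code from the thread, from Snort or from swatch. It assumes Snort's one-line "fast" alert format, uses constructed sample lines, and uses a placeholder recipient because the address is obfuscated in the archive.

```python
import ipaddress
import re
import subprocess

# Assumed input: Snort one-line "fast" alerts, e.g. read from a tailed alert file.
ALERT_RE = re.compile(
    r"\[\*\*\]\s+(?:\[\d+:\d+:\d+\]\s+)?(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]"
    r".*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

# Thresholds and script paths as written in the request; the recipient
# address is a placeholder (assumption), not a value from the thread.
RULES = [
    (lambda p: p == 3, ["/usr/snort/scripts/myPrio3Script"]),
    (lambda p: p >= 6, ["/usr/snort/Scripts/emailalert", "recipient@example.invalid"]),
    (lambda p: p >= 9, ["/usr/snort/scripts/emailalert", "SecurityStaff"]),
]

def parse_alert(line):
    """Return msg, priority, src and dst, or None if the line is not a valid alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:  # reject address fields that are not real IPv4 addresses
        src = str(ipaddress.ip_address(m["src"]))
        dst = str(ipaddress.ip_address(m["dst"]))
    except ValueError:
        return None
    return {"msg": m["msg"], "priority": int(m["prio"]), "src": src, "dst": dst}

def commands_for(line):
    """Build one argv list per matching rule: SourceIP, DestinationIP, type, priority."""
    alert = parse_alert(line)
    if alert is None:
        return []
    details = [alert["src"], alert["dst"], alert["msg"], str(alert["priority"])]
    return [prefix + details for matches, prefix in RULES if matches(alert["priority"])]

def dispatch(line, run=subprocess.run):
    # argv lists, never a shell string: alert fields derive from network traffic.
    for argv in commands_for(line):
        run(argv, check=False, timeout=30)

SAMPLE = [  # constructed alert lines, not taken from a real sensor
    "09/24-15:42:00.000000  [**] [1:1000001:1] Constructed test alert A [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:40000 -> 198.51.100.5:80",
    "09/24-15:42:01.000000  [**] [1:1000002:1] Constructed test alert B [**] [Priority: 9] {ICMP} 192.0.2.11 -> 198.51.100.5",
    "09/24-15:42:02.000000  [**] [1:1000003:1] Constructed test alert C [**] [Priority: 5] {UDP} 192.0.2.12:53 -> 198.51.100.5:53",
]
```

An alert at priority 9 satisfies both the `>= 6` and the `>= 9` rule, so both notification scripts are started for it.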

