Snort mailing list archives
Re: Sending Alert Via E-mail
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Tue, 6 Nov 2001 11:45:28 +1300
On Mon, Nov 05, 2001 at 12:21:09PM +0800, Fadzly Zainuddin wrote:
> How can I send any attempt via e-mail? I'm running Snort on Redhat 7.0.

Swatch is your friend:

A /etc/swatchrc rule like:

    watchfor / snort:.*TELNET root login/
        echo
        exec /usr/local/bin/swatchlogger -snort security () trimble co nz 'IDS Event' $*
    ...

would trigger "swatchlogger" whenever someone logged into a root account
via telnet.

What "swatchlogger" is is of course your problem :-)

-- 
Cheers

Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377
Fax: +64 3 9635 417

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
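
The post leaves the handler itself to the reader. As an added example (not Jason Haar's script and not part of swatch), here is a hypothetical handler in that role; it assumes the call shape shown in the rule above, a local MTA, and a state file path of its own choosing. It treats the matched log line as untrusted input and mutes repeats of the same alert.

```python
# Hypothetical handler in the role of "swatchlogger" (constructed example). Assumed call,
# from the rule in the post: swatchlogger -snort <recipient> <subject> <matched line words...>
import hashlib, json, smtplib, sys, time
from email.message import EmailMessage

SENDER = "snort@localhost"                  # assumption: local sender address
STATE = "/var/lib/swatchlogger/state.json"  # assumption: private, writable state file
WINDOW = 300                                # assumption: mute repeats for 5 minutes

def clean(text, limit=900):
    """The log line is untrusted: blank out CR/LF/control chars, cap length."""
    return "".join(c if c.isprintable() else " " for c in text)[:limit]

def build_message(recipient, subject, words):
    """Build the alert mail; cleaned text cannot inject extra headers."""
    line = clean(" ".join(words))
    msg = EmailMessage()
    msg["From"], msg["To"] = SENDER, recipient
    msg["Subject"] = clean(f"{subject}: {line}", 120)
    msg.set_content(line + "\n")
    return msg

def should_send(line, state_path, now, window=WINDOW):
    """False if the text after "snort:" (timestamp ignored) was mailed within window."""
    text = line.split("snort:", 1)[-1]
    key = hashlib.sha256(text.encode("utf-8", "surrogateescape")).hexdigest()
    try:
        with open(state_path) as fh:
            seen = json.load(fh)
    except (OSError, ValueError):
        seen = {}
    seen = {k: t for k, t in seen.items() if now - t < window}  # expire old
    if key in seen:
        return False
    seen[key] = now
    with open(state_path, "w") as fh:
        json.dump(seen, fh)
    return True

def main(argv):
    if len(argv) < 4 or argv[0] != "-snort":
        return 2  # usage error
    if should_send(" ".join(argv[3:]), STATE, time.time()):
        with smtplib.SMTP("localhost") as smtp:  # assumption: MTA on localhost:25
            smtp.send_message(build_message(argv[1], argv[2], argv[3:]))
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```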