Snort mailing list archives
AW: AW: (Snort-users) AW: (Snort-users) Newbie Question..
From: <sandro.poppi () wacker com>
Date: Tue, 22 Jan 2002 12:15:00 +0100
Edwin,

as you can see in the original snort-check script it's intended to be run from within swatch. To send the actual /var/log/alert you'll have to use cat/tail or such (you surely don't want to send the whole file each time) instead of echo "$*" | mail ...

For exactly that reason I use swatch to send me alerts nearly in realtime (every minute). snort-check won't send any alerts without being triggered anyhow, that's where swatch comes into sight (see Configuring swatch in my HOWTO).

If you do see alerts but get no email (and you are using swatch or something else to trigger snort-check) take a look at your maillog or try root@localhost as a recipient.

HTH,
Sandro

Hi Sandro,

So far there's no error in the program after changing it to #!/bin/bash and upon compiling it. But it doesn't send the actual alert file. I mean, I did a simulation test using nmap to alert my snort box. But the snort-check program didn't send any email, though I've seen in the snort box using "tail -f /var/log/snort/alert" file that there's some port scanning going on.

What will I edit or add in the snort-check program to email the actual alert files of snort in real time once attacks have been detected by the snort?

thanx for ur help.

regards,
Edwin

From: <sandro.poppi () wacker com>
To: <edwin1118 () hotmail com>
CC: <snort-users () lists sourceforge net>
Subject: AW: (Snort-users) AW: (Snort-users) Newbie Question..
Date: Mon, 21 Jan 2002 07:20:00 +0100

I checked the modified program on RH 7.0 and 7.2 and it worked without error. The only thing I did was adding a # before the line "if a recipient file exists".

Could you please be more specific if the error still exists? Please include the error message and line number.

You may take a look on /bin/sh: If it does not point to /bin/bash then this may be the error. Replace #!/bin/sh with #!/bin/bash. I will fix this in the next version to be more specific.

Ciao,
Sandro
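
The advice in the reply above (mail the recent part of the alert file rather than echo "$*", and not the whole file each time) as an added example; it is not part of the original thread or of the snort-check script. The state file path, the default recipient and the --send switch are assumptions made for this sketch.

```shell
#!/bin/bash
# Added example: mail only the alert lines appended since the previous run.
# ALERT_FILE, STATE_FILE and RECIPIENT are assumed values; adjust to your setup.
ALERT_FILE="${ALERT_FILE:-/var/log/snort/alert}"
STATE_FILE="${STATE_FILE:-/var/run/snort-alert.offset}"
RECIPIENT="${RECIPIENT:-root@localhost}"

# Print the bytes appended to file $1 since the offset stored in $2,
# then store the new offset. A missing state file means offset 0.
new_alert_lines() {
    local file="$1" state="$2" size offset
    [ -r "$file" ] || return 1
    size=$(wc -c < "$file" | tr -d ' ')
    offset=$(cat "$state" 2>/dev/null || true)
    case "$offset" in
        ''|*[!0-9]*) offset=0 ;;   # absent or corrupt state file
    esac
    # File is smaller than last time: rotated or truncated, start over.
    if [ "$offset" -gt "$size" ]; then
        offset=0
    fi
    if [ "$size" -gt "$offset" ]; then
        # tail -c +N is 1-based; head caps output at the bytes counted
        # above, so alerts written during this run go out next time.
        tail -c "+$((offset + 1))" "$file" | head -c "$((size - offset))"
    fi
    echo "$size" > "$state"
}

send_new_alerts() {
    local body
    body=$(new_alert_lines "$ALERT_FILE" "$STATE_FILE") || return 1
    # Nothing new: send no mail at all rather than an empty one.
    [ -n "$body" ] || return 0
    printf '%s\n' "$body" | mail -s "snort alerts on $(hostname)" "$RECIPIENT"
}

# Act only when called with --send, e.g. from a swatch exec action or cron.
if [ "${1:-}" = "--send" ]; then
    send_new_alerts
fi
```

If no mail arrives although alerts are logged, check the maillog or set RECIPIENT to root@localhost, as suggested in the reply.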