Snort mailing list archives

RE: Email alerts for ACID


From: Erek Adams <erek () theadamsfamily net>
Date: Sun, 7 Jul 2002 21:27:50 -0700 (PDT)

On Mon, 8 Jul 2002, Semerjian, Ohanes wrote:

> Since this subject is on the table, here is my question and hope someone
> could assist. I'm logging Snort alerts to MySQL and using ACID also, what
> I'm trying to achieve is to get the alerts to my mailbox then I'll investigate
> the alerts of interest (not using swatch, coz I don't wanna log twice) rather
> than me spending time checking the ACID every day.

Unless something has radically changed in ACID, it does _not_ have the
function you are after.  Yes, it does have an 'Email Alerts' function, but
that just simply sends the alert onscreen as an email to an address.

You might want to consider using swatch to watch your alert file and not
your syslog.  You'll have to tweak the swatch.conf file, but it shouldn't be
too evil.  IIRC, somewhere in the snort-users archives, there is a snippet of
a swatch script to do just that.

I might be wrong on all this--I don't have an ACID server up and going right
now.  *sigh* Just one more reason I _really_ need to get my testlab back up
and working at full steam again....

Hope that helps some!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


