Snort mailing list archives
RE: Email alerts for ACID
From: "Graham Cooper" <gcooper () servecast com>
Date: Mon, 8 Jul 2002 09:49:10 +0100
Hi Erek,

After much investigation (and frustration with Logwatch!!) I have gotten a feasible solution to work with Snort/Acid which will email me alerts on preconfigured parameters outlined in Logsentry (www.psionic.com). I have configured Logsentry to monitor the log files based on certain parameters (which, incidentally, I configured through Webmin's Logsentry module). Logsentry then sends the alerts to Sendmail and on to my own mail server. The configuration for the destination email address and mail server exe is in Logsentry.sh.

Rgds,
Graham Cooper
Servecast

-----Original Message-----
From: Erek Adams [mailto:erek () theadamsfamily net]
Sent: 08 July 2002 05:28
To: Semerjian, Ohanes
Cc: 'Poppi, Sandro'; Graham Cooper; Hicks, John; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Email alerts for ACID

On Mon, 8 Jul 2002, Semerjian, Ohanes wrote:
> Since this subject is on the table, here is my question and hope someone could assist. I'm logging Snort alerts to Mysql and using ACID also; what I'm trying to achieve is to get the alerts to my mailbox, then I'll investigate the alerts of interest (not using swatch, coz I don't wana log twice) rather than me spending time checking the ACID everyday.
Unless something has radically changed in ACID, it does _not_ have the function you are after. Yes, it does have an 'Email Alerts' function, but that just simply sends the alert onscreen as an email to an address.

What you might want to consider is to use swatch to watch your alert file and not your syslog. You'll have to tweak the swatch.conf file, but it shouldn't be too evil. IIRC, somewhere in the snort-users archives, there is a snippet of a swatch script to do just that.

I might be wrong on all this--I don't have an ACID server up and going right now. *sigh* Just one more reason I _really_ need to get my testlab back up and working at full steam again....

Hope that helps some!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
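Both approaches in this thread (Erek's "point swatch at the alert file and mail what matches" and Graham's Logsentry keyword lists feeding Sendmail) have the same shape: read Snort's plain-text alert file, keep only lines matching a watch list of patterns, and hand those to a mailer. The script below is an added example written for this archive page; it is not code from the thread, from swatch, or from Logsentry. It assumes the alert file is in Snort's one-line "fast" alert format, that sendmail lives at /usr/sbin/sendmail, and that the recipient is ids-alerts@example.com; the four sample alert lines and the two-line watch list are constructed here to make it runnable offline.

```shell
#!/bin/sh
# Added example, not code from the thread. A minimal swatch/Logsentry-style
# watcher for Snort's plain-text alert file: it selects alert lines that match
# any regex in a watch-list file and hands them to sendmail. The sendmail path,
# the recipient address and the sample data below are all assumptions.

# select_alerts ALERT_FILE PATTERN_FILE
# Print alert lines matching any extended regex listed (one per line) in
# PATTERN_FILE. grep -f keeps patterns that start with '-' from being parsed
# as options, which a shell loop over $(cat patterns) would get wrong.
select_alerts() {
    grep -E -f "$2" "$1"
}

# count_alerts ALERT_FILE PATTERN_FILE
# Number of matching alert lines, so a caller can stay silent when there are none.
count_alerts() {
    select_alerts "$1" "$2" | wc -l | tr -d ' '
}

# mail_alerts ALERT_FILE PATTERN_FILE
# Send all matching lines as one message through sendmail's -t mode, which
# takes the recipients from the headers we print. SENDMAIL and ALERT_TO are
# assumed defaults and can be overridden from the environment.
mail_alerts() {
    : "${SENDMAIL:=/usr/sbin/sendmail}"
    : "${ALERT_TO:=ids-alerts@example.com}"
    n=$(count_alerts "$1" "$2")
    [ "$n" -gt 0 ] || return 0
    {
        printf 'To: %s\n' "$ALERT_TO"
        printf 'Subject: Snort: %s alert(s) matched the watch list\n\n' "$n"
        select_alerts "$1" "$2"
    } | "$SENDMAIL" -t
}

# write_sample DIR
# Constructed sample input: four Snort alert_fast-style lines (SIDs in the
# local 1000000+ range, invented here) and a two-line watch list that keeps
# priority-1 alerts plus anything aimed at 192.168.1.10:22.
write_sample() {
    cat > "$1/alert" <<'EOF'
07/08-09:49:10.100000  [**] [1:1000001:1] LOCAL sample high priority [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.5:41234 -> 192.168.1.10:80
07/08-09:49:11.200000  [**] [1:1000002:1] LOCAL sample noise [**] [Classification: Misc activity] [Priority: 3] {UDP} 10.0.0.6:53 -> 192.168.1.10:53
07/08-09:49:12.300000  [**] [1:1000003:1] LOCAL sample ssh probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.7:51000 -> 192.168.1.10:22
07/08-09:49:13.400000  [**] [1:1000004:1] LOCAL sample ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.8 -> 192.168.1.10
EOF
    cat > "$1/patterns" <<'EOF'
\[Priority: 1\]
-> 192\.168\.1\.10:22
EOF
}

# Stand-alone demo:  sh watch.sh demo
# Prints the two matching sample lines and sends no mail.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    write_sample "$d"
    select_alerts "$d/alert" "$d/patterns"
    rm -rf "$d"
fi
```

Run with `sh watch.sh demo` to see the two lines the watch list keeps. In production you would call `mail_alerts /var/log/snort/alert /etc/snort/watch.patterns` from cron against a copy of the alert file, or feed `tail -F` output through `grep -E -f` the same way; keep the watch list to the classifications and destinations you actually want to read, since a broad pattern turns the mailbox into a second copy of the alert file, which is exactly what Ohanes wanted to avoid.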
Current thread:
- Email alerts for ACID Graham Cooper (Jul 04)
- <Possible follow-ups>
- RE: Email alerts for ACID Hicks, John (Jul 04)
- RE: Email alerts for ACID Graham Cooper (Jul 05)
- RE: Email alerts for ACID Semerjian, Ohanes (Jul 07)
- RE: Email alerts for ACID Erek Adams (Jul 07)
- RE: Email alerts for ACID Graham Cooper (Jul 08)