Snort mailing list archives
ACID/procmail/incident.pl
From: Shane Hickey <shane () howsyournetwork com>
Date: 24 Nov 2002 13:59:36 -0700
Howdy all,

Before I got Snort/MySQL/ACID working, I was just sending snort alerts to syslog. Then, each night, I had a script that would grep the snort events out of the logs and e-mail them to me. Then I would run through the whole thing using the incident.pl script (http://freshmeat.net/projects/incident.pl/).

Anyway, now I'm loving ACID, but I was wondering if anyone knew of a better way to do reporting on snort incidents using ACID. Here's what I'm doing now. I'll go through the incidents sorted by Source Address, and when I have a particular query that looks naughty, I'll e-mail that to myself. Then I have a procmail recipe that dumps all of these e-mail bodies to a folder. Then I have a cronjob that processes this folder using the incident.pl script. I'm sure there must be a better way, but I'm not even partially competent with procmail.

Anyway, just seeing what other people are doing on this.

Shane
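As an added example (not code from Shane's post, from ACID, or from the incident.pl project): the pre-ACID workflow described above, grepping snort events out of syslog and reviewing them per source address, can be done without the e-mail/procmail hop by parsing the syslog lines directly. The script below assumes Snort's classic syslog alert form (`[gid:sid:rev] msg [Classification: ...] [Priority: N]: {PROTO} src:port -> dst:port`); the sample log lines, the sensor host name and the signature IDs are constructed for the example, and the priority threshold for "worth a look" is a parameter, not a Snort convention.

```python
"""Summarise Snort syslog alerts per source address.

Added example; not code from the original post or the incident.pl project.
Assumes Snort's syslog output in the classic
"[gid:sid:rev] msg [Classification: ...] [Priority: N]: {PROTO} src:port -> dst:port"
form. The Classification field and the ports are treated as optional, since
rules without a classtype and ICMP alerts omit them. Sample lines are constructed.
"""
import re
from collections import defaultdict

# Constructed sample syslog extract: four snort alerts and one unrelated sshd line.
SAMPLE_SYSLOG = """\
Nov 24 01:02:03 sensor snort[1234]: [1:1000001:1] CONSTRUCTED probe A [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 192.0.2.10:40000 -> 198.51.100.5:80
Nov 24 01:02:04 sensor snort[1234]: [1:1000001:1] CONSTRUCTED probe A [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 192.0.2.10:40001 -> 198.51.100.5:443
Nov 24 01:05:00 sensor snort[1234]: [1:1000002:1] CONSTRUCTED probe B [Classification: Misc activity] [Priority: 3]: {UDP} 203.0.113.7:53 -> 198.51.100.9:53
Nov 24 01:06:00 sensor sshd[99]: Accepted publickey for ops from 198.51.100.2 port 51000
Nov 24 01:07:30 sensor snort[1234]: [1:1000003:1] CONSTRUCTED probe C [Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} 192.0.2.10:40002 -> 198.51.100.5:22
"""

ALERT_RE = re.compile(
    r"snort\[\d+\]: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<prio>\d+)\]: "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)


def parse_alerts(syslog_text):
    """Return one dict per Snort alert line; lines from other daemons are ignored."""
    alerts = []
    for line in syslog_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # sshd and friends share the same syslog file
        d = m.groupdict()
        d["prio"] = int(d["prio"])
        d["sid"] = int(d["sid"])
        alerts.append(d)
    return alerts


def summarize_by_source(alerts):
    """Group alerts by source address, the way the post reviews them in ACID."""
    summary = defaultdict(lambda: {"count": 0, "best_priority": None,
                                   "sids": set(), "destinations": set()})
    for a in alerts:
        s = summary[a["src"]]
        s["count"] += 1
        # Snort priority 1 is the most severe, so keep the lowest number seen.
        if s["best_priority"] is None or a["prio"] < s["best_priority"]:
            s["best_priority"] = a["prio"]
        s["sids"].add(a["sid"])
        s["destinations"].add(a["dst"])
    return dict(summary)


def sources_worth_a_look(summary, priority_threshold=1):
    """Sources with at least one alert at or above the threshold, busiest first."""
    picked = [src for src, s in summary.items() if s["best_priority"] <= priority_threshold]
    return sorted(picked, key=lambda src: summary[src]["count"], reverse=True)


def render_report(summary):
    """Plain-text nightly report, one line per source, ordered by alert count."""
    lines = []
    for src in sorted(summary, key=lambda s: summary[s]["count"], reverse=True):
        s = summary[src]
        lines.append(f"{src:<16} alerts={s['count']:<3} top_priority={s['best_priority']} "
                     f"sids={sorted(s['sids'])} dsts={sorted(s['destinations'])}")
    return "\n".join(lines)


if __name__ == "__main__":
    summary = summarize_by_source(parse_alerts(SAMPLE_SYSLOG))
    print(render_report(summary))
    print("review:", sources_worth_a_look(summary))
```

Run from cron against the day's syslog extract, `render_report` gives the per-source view the post builds by hand in ACID, and `sources_worth_a_look` is the "looks naughty" filter that would otherwise be an e-mail to oneself; the non-Snort sshd line shows why the parser has to skip lines rather than assume every entry is an alert.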