Snort mailing list archives

Re: Email alerts


From: Erek Adams <erek () snort org>
Date: Tue, 8 Apr 2003 08:57:19 -0500 (EST)

On Mon, 7 Apr 2003, Matt Kettler wrote:

> Read the fine FAQ for the basic suggestion:
>
> http://www.snort.org/docs/faq.html#5.7
>
> In a bit more detail, swatch/logcheck are tools which search logs for
> various substrings and run external scripts when they find those strings.
> You should be able to use the priority field as a part of your search
> condition.
>
> Swatch has a homepage here:
> http://swatch.sourceforge.net/

And to add to what Matt said:

Have a look at this [0].  It's a swatch.conf file that Jason Haar put
together as an example of 'emailing alerts'.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://www.theadamsfamily.net/~erek/snort/snort-swatch.conf.txt
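
The approach discussed in this message (match on the priority field of Snort's log lines, then trigger a mail), as an added Python example; it is not part of the original post and is not swatch or Jason Haar's configuration. The log lines, addresses, rule ids and the once-per-(sid, source host) de-duplication are constructed assumptions.

```python
import re
from email.message import EmailMessage

# Tail of a Snort syslog/fast alert line:
#   [gid:sid:rev] msg [Classification: ...] [Priority: N]: {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]:?\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)")

# Constructed sample lines (documentation addresses, made-up local rule ids).
SAMPLE_LOG = [
    "Apr  8 08:50:01 sensor snort: [1:1000001:1] EXAMPLE web attack [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.7:3345 -> 198.51.100.10:80",
    "Apr  8 08:50:02 sensor snort: [1:1000001:1] EXAMPLE web attack [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.7:3346 -> 198.51.100.10:80",
    "Apr  8 08:51:10 sensor snort: [1:1000002:1] EXAMPLE ping sweep [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 192.0.2.9 -> 198.51.100.10",
    "Apr  8 08:52:30 sensor sshd[412]: Accepted publickey for admin from 192.0.2.20",
    "Apr  8 08:53:00 sensor snort: [1:1000003:1] EXAMPLE local test rule [Priority: 3]: {UDP} 192.0.2.11:53 -> 198.51.100.10:1025",
]

def parse_alert(line):
    """Return the alert fields as a dict, or None for non-alert lines."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])
    return alert

def select_alerts(lines, max_priority=1):
    """Keep alerts with priority <= max_priority (1 is most severe),
    reporting each (sid, source host) pair once so repeats do not flood mail."""
    seen, picked = set(), []
    for alert in filter(None, map(parse_alert, lines)):
        key = (alert["sid"], alert["src"].rsplit(":", 1)[0])  # IPv4 host, port dropped
        if alert["prio"] <= max_priority and key not in seen:
            seen.add(key)
            picked.append(alert)
    return picked

def build_mail(alerts, sender, recipient):
    """Build (not send) the notification; hand it to smtplib or sendmail."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Snort: {len(alerts)} alert(s) at or above threshold"
    msg.set_content("\n".join(
        f"[{a['gid']}:{a['sid']}:{a['rev']}] prio={a['prio']} {a['msg']} "
        f"{a['src']} -> {a['dst']}" for a in alerts))
    return msg

if __name__ == "__main__":
    print(build_mail(select_alerts(SAMPLE_LOG), "snort@sensor.example", "soc@example.org"))
```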

