Snort mailing list archives
Setting up notifications in Snort
From: "Paul Martin" <pmartin () hgvc com>
Date: Thu, 8 Apr 2004 14:02:22 -0400
I have recently implemented Snort v2.1.2 on 2 boxes, reporting to one central MySQL database, using ACID for logfile analysis. We'd like to take a more proactive stance towards intrusion detection and have a way to have Snort (or a plugin) notify us via SNMP/email/SMS/etc. whenever a certain condition is met. I've looked at SnortSNMP, but it doesn't seem to have anything beyond 2.1.0 as far as functionality. I'd hate to drop back software versions for the sake of SNMP, but will if I have to.

My question is twofold:

1) What plugins are out there that will allow Snort to notify me when a certain condition is met? Don't care how (SNMP/email/whatever), just need a method of notification.

2) Does anyone have a recommended setup for Snort? I know that it's going to be unique to every situation, but there have to be some accepted practices in terms of setup. As it stands, everything that comes across the wire seems to be getting logged, which is good, but I need to trim it down.

Thoughts, anyone? Thanks for any assistance.

Paul Martin
Network Technician