Snort mailing list archives

Re: automatically generate and email a daily report?


From: "Lay, James" <james.lay () wincofoods com>
Date: Mon, 12 Dec 2011 14:23:38 -0700

-----Original Message-----
From: MLP SCADA [mailto:MLPSCADA () ci anchorage ak us]
Sent: Monday, December 12, 2011 1:38 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] automatically generate and email a daily
report?


Hey folks.

I've got snort/barnyard2 populating a mysql database.  I've got base
running as a front end.

What I'd like to do is automatically email a once a day summary of
the last 24 hours unique alerts to the on-calls, similar to the unique
daily summary that base provides.

<snip> 
What other options do folks use for a daily summary email to the
relevant folks?

Thanks!

I use the fast file as the method of finding alert types....then send
that yesterdaysalerts.txt to yourself and away you go.  I have this run
in a cron job at 11:59 and am greeted with a slick email at 8 am
every day with all the types of crud that happened the day before.
Season to taste for file locals...hope that helps.

James

#!/bin/bash
# Collect the unique alert descriptions logged today in the Snort fast alert file.
sudo grep "$(date +%m/%d)" /var/log/all.fast \
  | awk '{ for (i=3; i<=NF; i++) printf("%s ", $i); printf("\n") }' \
  | grep -v SHELLCODE \
  | sed 's/Priority.*$//' | sed 's/\[$//' \
  | sort -u > yesterdaysalerts.txt
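
A variation on the approach in this message, as an added example that is not part of the original post: it counts alerts per signature for one day, closer to the unique-alert summary asked about, instead of listing unique lines. The function names, the sample alerts and the assumption that the file uses Snort's default fast-alert layout are this example's own.

```shell
#!/bin/bash
# Added example, not from the original post. summarize_fast MM/DD FILE prints
# "count<TAB>priority<TAB>[gid:sid:rev] message", most frequent first.
summarize_fast() {
  awk -v day="$1" '
    # Fast-format lines begin with MM/DD-HH:MM:SS.usec; match the date only
    # there, so "12/12" inside a message or address does not select the line.
    index($0, day "-") == 1 {
      line = $0
      sub(/^[^ ]+ +\[\*\*\] +/, "", line)   # drop timestamp and leading [**]
      prio = "-"
      if (match(line, /\[Priority: [0-9]+\]/))
        prio = substr(line, RSTART + 11, RLENGTH - 12)
      sub(/ *\[\*\*\].*$/, "", line)        # keep "[gid:sid:rev] message"
      count[line]++; pri[line] = prio
    }
    END { for (k in count) printf "%d\t%s\t%s\n", count[k], pri[k], k }
  ' "$2" | sort -t "$(printf '\t')" -k1,1nr -k3,3
}

# Constructed sample alerts (documentation addresses, made-up SIDs).
sample_fast() {
  cat <<'EOF'
12/12-08:01:02.000001  [**] [1:1000001:1] Constructed test alert A [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:40000 -> 198.51.100.5:80
12/12-09:10:11.000002  [**] [1:1000001:1] Constructed test alert A [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.11:40001 -> 198.51.100.5:80
12/12-10:00:00.000003  [**] [1:1000002:2] Constructed test alert B [**] [Classification: Attempted Recon] [Priority: 2] {ICMP} 192.0.2.12 -> 198.51.100.5
12/11-23:00:00.000004  [**] [1:1000002:2] Constructed test alert B [**] [Classification: Attempted Recon] [Priority: 2] {ICMP} 192.0.2.12 -> 198.51.100.5
12/11-23:30:00.000005  [**] [1:1000003:1] Constructed test alert C ref 12/12 [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.0.2.13:5000 -> 198.51.100.5:53
EOF
}

# When called with two arguments (MM/DD and a fast file), print the summary.
if [ $# -eq 2 ]; then summarize_fast "$1" "$2"; fi
```
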


