Snort mailing list archives

Re: Snort and real-time alerting


From: "Jeronimo L. Cabral" <jelocabral () gmail com>
Date: Tue, 29 May 2012 12:11:52 -0300

Dear, I have Snort 2.9.2.1 logging to a MySQL database, but I also see
I have some pcap Snort files under /var/log/snort, as follows:

snort.log.1331564728

What are these files created for ???

And taking into account I'm logging all Snort events in a MySQL DB, how
can I alert on some defined events in real time by email ???

Thanks a lot

On Mon, May 28, 2012 at 3:40 PM, waldo kitty <wkitty42 () windstream net> wrote:
On 5/28/2012 12:14, Jeronimo L. Cabral wrote:

Coming back to real-time monitoring of Snort, my Snort generates a lot
of snort log files under /var/log/snort, they have different names.

What can I do to monitor Snort if the file name changes ???


what logging type are you using? if those files are what i think they are,
they are actually pcap files and you have an alert file as well... if they
are pcap files only, then you can keep them for some random X time and then
delete them unless you have something else (reporting tools) that might use
them if you go back into history...

mine are named like "snort.log.1279385047" and they range in size due to the
traffic captured for alerts between snort restarts...

so, what are you trying to use to monitor snort via those files??

