Snort mailing list archives
AW: (Snort-users) Feature Request
From: <sandro.poppi () wacker com>
Date: Mon, 24 Sep 2001 15:42:00 +0200
Hi *

I'm testing Snort as a NIDS and I was quite happy until I realized that Snort is far away from automation. As you might imagine, you won't look at the logs a whole day and make an SQL query against a MySQL DB every minute.

Features to be requested

- Script startup at a definite level

I would like to have the following options:

Priority == 3 -> start /usr/snort/scripts/myPrio3Script
Priority >= 6 -> start /usr/snort/Scripts/emailalert xyz () aaa bbb ccc ddd
Priority >= 9 -> start /usr/snort/scripts/emailalert SecurityStaff

emailalert: should inform a special user or a group that you are under attack, with some information: SourceIP, DestinationIP, Type of Attack and Priority of this event.

This part could be done via swatch. Take a look at the swatch section of http://www.lug-burghausen.org/projects/index.html#snort-stat.

[snip]

Ciao,
Sandro
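
The priority-to-script mapping requested above, sketched as a small log watcher. This is an added example, not part of the original message and not swatch or Snort code; it assumes Snort's one-line "fast" alert format, and the argument order passed to the scripts, the placeholder recipient address and the sample log lines are all constructed for illustration.

```python
import re
import subprocess

# Snort "fast" alert layout:
# [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:[^\]]*\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{\w+\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?"
)

# Thresholds and paths as written in the request; the address is a placeholder.
RULES = [
    (lambda p: p == 3, ["/usr/snort/scripts/myPrio3Script"]),
    (lambda p: p >= 6, ["/usr/snort/Scripts/emailalert", "user@example.invalid"]),
    (lambda p: p >= 9, ["/usr/snort/scripts/emailalert", "SecurityStaff"]),
]

def parse_alert(line):
    """Return msg, prio, src and dst for an alert line, or None for anything else."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    return {"msg": m["msg"], "prio": int(m["prio"]), "src": m["src"], "dst": m["dst"]}

def plan_actions(line):
    """Build one argv list per matching rule (hypothetical argument order)."""
    a = parse_alert(line)
    if a is None:
        return []
    details = [a["src"], a["dst"], a["msg"], str(a["prio"])]
    return [cmd + details for matches, cmd in RULES if matches(a["prio"])]

def dispatch(lines, run=subprocess.run):
    """Run each planned command without a shell, so alert text stays one argument."""
    for line in lines:
        for argv in plan_actions(line):
            run(argv, check=False)

SAMPLE_LOG = [  # constructed lines using documentation address ranges
    "09/24-15:41:07.101010  [**] [1:1000001:1] Constructed sample A [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:40000 -> 198.51.100.5:80",
    "09/24-15:41:09.202020  [**] [1:1000002:1] Constructed sample; with spaces [**] [Priority: 7] {ICMP} 192.0.2.11 -> 198.51.100.5",
    "09/24-15:41:11.303030  [**] [1:1000003:1] Constructed sample C [**] [Classification: Misc activity] [Priority: 9] {UDP} 192.0.2.12:53 -> 198.51.100.6:53",
    "09/24-15:41:12.404040  [**] [1:1000004:1] Constructed sample D [**] [Priority: 2] {TCP} 192.0.2.13:1 -> 198.51.100.7:2",
    "Sep 24 15:41:13 host kernel: not a Snort alert",
]
```

Passing `SAMPLE_LOG` (or lines read from the alert file) to `dispatch` starts the scripts; `plan_actions` alone shows what would run without executing anything.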