Re: Real-time email notification

[Brian Carpio <carb02 () csgsystems com>]

Actually there is a better program then swatch that's free (in my opinion
it's better).  It's called logcheck http://www.psionic.com/. They are the
creators of portsentry. With logcheck you can specify what files you want
checked. I use it for all my servers it's awesome. 


Brian Carpio

p.s I don;t work for them.. just an advocate of their software.


On Tue, 3 Jul 2001, Tim Olson wrote:

> I just wondered the same thing yesterday because I couldn't get
> smb_alert working, and I read a bit and found out about a package
> called "swatch" that does this.  It seems to work ok, but the
> catch I see so far is that it scans only the main syslog.  If you
> log to /var/log/snort/alerts or something else, it wouldn't
> do anything.  It MIGHT be able to do that, but I just haven't
> gotten that far in playing with it to find out if I can configure
> it to do another log file too.
>
> It does work well on the main syslog though.  It had a few
> hiccups in installation getting all the perl modules, but other
> than that, i've set it up on a redhat sparc and i386 machine.
>
> Tim
>
> Michael Pickert wrote:
> > Hi,
> >
> > can anybody tell me a way to check the snort-logfiles in real-time and send
> > a email to the  admin as a notificaiton of a alert?
> >
> > __
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users