Re: AW: (Snort-users) Newbie Question..

["Edwin Pua" <edwin1118 () hotmail com>]

Afternoon Sandro,

   i've checked your URL and it's a good reference indeed. but i've fond 
some syntax errors in the snort-check program when i'm testing it. though i 
tried modifying it but i still some errors. do u have the latest one?
   i really wanted to test aprogram that will alert me via email based from 
my snort logs. (im running RH7.2)


# Modified Program:

#!/bin/sh
recipientfile=/etc/snort/recipients

if a recipient file exists
if [ -s "$recipientfile" ] ; then
  # generate the recipientlist with email adresses.
  for i in `cat $recipientfile` ; do
    recipients="$recipients "$i
  done

  echo "$*" | mail -s "Snort-Alert!!!" "$recipients"
fi


 thanx..

edwin

> From: <sandro.poppi () wacker com>
> To: <edwin1118 () hotmail com>
> CC: <snort-users () lists sourceforge net>
> Subject: [Snort-users] AW: (Snort-users) Newbie Question..
> Date: Wed, 16 Jan 2002 08:05:00 +0100
>
> Morning Edwin,
>
> This works very well on the same machine without interfering snort. If 
> you're
> monitoring more than one segment or your machine is somehow undersized it 
> may be
> a better way to use a separate pc with those tools and the underlying 
> database
> and make snort log to the remote db.
>
> > Any suggestion?
>
> You might also want to have a look at my HOWTO at www.linuxdoc.org or
> www.lug-burghausen.org/projects/index.html#snort-stat.
>
> Ciao,
> Sandro
> >


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users