Snort mailing list archives

AW: AW: (Snort-users) AW: (Snort-users) Newbie Question..


From: <sandro.poppi () wacker com>
Date: Tue, 22 Jan 2002 12:15:00 +0100

Edwin,

as you can see in the original snort-check script it's intended to be run from
within swatch. To send the actual /var/log/alert you'll have to use cat/tail or
such (you surely don't want to send the whole file each time) instead of echo
"$*" | mail ...

For exactly that reason I use swatch to send me alerts nearly in realtime (every
minute). snort-check won't send any alerts without being triggered anyhow,
that's where swatch comes into sight (see Configuring swatch in my HOWTO).

If you do see alerts but get no email (and you are using swatch or something
else to trigger snort-check) take a look at your maillog or try root@localhost
as a recipient.

HTH,
Sandro


Hi Sandro,

   So far there's no error in the program after changing it to #!/bin/bash and
upon compiling it.

   But it doesn't send the actual alert file. I mean, I did a simulation test
using nmap to alert my snort box. But the snort-check program didn't send
any email, though I've seen in the snort box using "tail -f
/var/log/snort/alert" file that there's some port scanning going on.

   What will I edit or add in the snort-check program to email the actual
alert files of snort in real time once attacks have been detected by the
snort?

   thanx for ur help.




regards,
Edwin




From: <sandro.poppi () wacker com>
To: <edwin1118 () hotmail com>
CC: <snort-users () lists sourceforge net>
Subject: AW: (Snort-users) AW: (Snort-users) Newbie Question..
Date: Mon, 21 Jan 2002 07:20:00 +0100

I checked the modified program on RH 7.0 and 7.2 and it worked without error.
The only thing I did was adding a # before the line
"if a recipient file exists"

Could you please be more specific if the error still exists? Please include the
error message and line number. You may take a look on /bin/sh: If it does not
point to /bin/bash then this may be the error. Replace #!/bin/sh with
#!/bin/bash. I will fix this in the next version to be more specific.

Ciao,
Sandro
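
One way to mail only the newly appended alerts instead of the whole file, as the reply above suggests with cat/tail. This is an added example, not the snort-check script or code from this thread; the function names, the byte-offset state file and all paths passed in are assumptions.

```shell
#!/bin/bash
# Added example: print only the alert lines appended since the previous call.
# The last-read byte offset is kept in a state file (an assumption, not part
# of snort-check), so each mail carries new alerts only.

new_alert_lines() {
    alert_file=$1
    state_file=$2
    [ -r "$alert_file" ] || return 1

    # Current size in bytes of the alert file.
    size=$(wc -c < "$alert_file" | tr -d ' ')

    # Offset saved by the previous run; 0 on first run or corrupt state.
    offset=0
    if [ -r "$state_file" ]; then
        offset=$(cat "$state_file")
    fi
    case $offset in
        ''|*[!0-9]*) offset=0 ;;
    esac

    # A smaller file means it was rotated or truncated: read from the start.
    if [ "$size" -lt "$offset" ]; then
        offset=0
    fi

    # Emit exactly the bytes between the old offset and the measured size,
    # so lines written while we run are left for the next call.
    if [ "$size" -gt "$offset" ]; then
        tail -c +"$((offset + 1))" "$alert_file" | head -c "$((size - offset))"
    fi
    printf '%s\n' "$size" > "$state_file"
}

mail_new_alerts() {
    # $1 = alert file, $2 = state file, $3 = recipient (e.g. root@localhost)
    body=$(new_alert_lines "$1" "$2") || return 1
    [ -n "$body" ] || return 0      # nothing new: send no mail
    printf '%s\n' "$body" | mail -s "snort alerts on $(hostname)" "$3"
}
```

Whatever triggers the check (swatch in this thread) would call `mail_new_alerts` with the alert file, a writable state file and the recipient.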




