Snort mailing list archives

Re: (Snort-users) swatch/snort config


From: "Edwin Pua" <edwin1118 () hotmail com>
Date: Wed, 23 Jan 2002 12:34:10 +0000

Sandro,
OK, I ran swatch with no error message using --config-file, but I still can't receive the alert email, though I've been seeing the alerts in the /var/log/snort/alert file... (it's weird...) Do I need to put the whole alert path in "/etc/swatch/swatch.conf"?

    Here is my current config.

#SNORT-CHECK Program
#I put my snort-check program and recipient file under
#/usr/local/src/snort-1.8.., since I compiled snort under
#/usr/local/src/ (no error here; whenever I run the program manually,
#it sends me an email)

/usr/local/src/snort-1.8.3/snort-check
/usr/local/src/snort-1.8.3/recipients


#SWATCH.CONF File
#here's my current swatch config
#/etc/swatch/swatch.conf
watchfor /snort\[/
echo
exec=/usr/local/src/snort-1.8.3/snort-check $0
mail=edwin@scv.comsg #just testing this line


### running both swatch and snort ###
Then I run swatch first, before the snort program:

]swatch --config-file /etc/swatch/swatch.conf

]./snort -b -A fast -c snort.conf

Then I did a simulation test via port scanning against my snort box to create alert files, and I saw the real-time alert logs on my snort box using "tail -f /var/log/snort/alert", but I wasn't able to receive any email based on my swatch.conf. What else do I need to check?


Thanks in advance...

regards,
Edwin



From: <sandro.poppi () wacker com>
Edwin
>
>   but I got an error message when I tried to run /usr/bin/swatch.
>
>        swatch: cannot read /root/.swatchrc
>        swatch: using default configuration of:
>                   watchfor = /.*/
>                   echo = random
>
You should use the command line option --config-file /etc/swatch/swatch.conf.
Take a look at the snortd script I wrote.

>   btw, what is the purpose of swatch_old2newrc? is this the
> program that
> runs the swatch.conf?





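An added example, not part of the original post and not swatch or Snort code: a small Python model of how a swatch watchfor block like the one quoted above is tested against log lines. The sample lines are constructed and their formats are assumptions (a syslog-style line tagged "snort[pid]:" and an alert-file line delimited by "[**]"); parse_swatch_conf, actions_for and coverage are hypothetical helper names.

```python
import re

# Constructed swatch.conf text, modelled on the config quoted in the post.
SWATCH_CONF = r"""
#/etc/swatch/swatch.conf
watchfor /snort\[/
    echo
    exec=/usr/local/src/snort-1.8.3/snort-check $0
"""

# Constructed sample lines (not real captures); both formats are assumptions.
SAMPLES = {
    "alert file (-A fast)": "01/23-12:34:10.123456  [**] [1:0:0] EXAMPLE scan "
                            "[**] {TCP} 192.0.2.10:4444 -> 192.0.2.20:80",
    "syslog": "Jan 23 12:34:10 sensor snort[1234]: [1:0:0] EXAMPLE scan "
              "{TCP} 192.0.2.10:4444 -> 192.0.2.20:80",
}

def parse_swatch_conf(text):
    """Return [(compiled_pattern, [action lines])], one entry per watchfor block."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = re.match(r"watchfor\s*=?\s*/(.*)/([a-z]*)\s*$", line)
        if m:
            flags = re.IGNORECASE if "i" in m.group(2) else 0
            rules.append((re.compile(m.group(1), flags), []))
        elif rules:
            rules[-1][1].append(line)  # action belonging to the last watchfor
        else:
            raise ValueError(f"action before any watchfor: {line!r}")
    return rules

def actions_for(line, rules):
    """Actions of the first block whose pattern matches ('continue' is not modelled)."""
    for pattern, actions in rules:
        if pattern.search(line):
            return actions
    return []

def coverage(conf=SWATCH_CONF, samples=SAMPLES):
    """Map each sample name to True if any action would fire for its line."""
    rules = parse_swatch_conf(conf)
    return {name: bool(actions_for(line, rules)) for name, line in samples.items()}

if __name__ == "__main__":
    for name, hit in coverage().items():
        print(f"{name:22} -> {'actions fire' if hit else 'no watchfor matches'}")
```

Replacing the constructed samples with a few real lines from the file swatch is actually reading (the one named with --tail-file) shows whether a given pattern can ever fire there.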

