Snort mailing list archives

Re: ACID email notification


From: Erik Fichtner <emf () servervault com>
Date: Fri, 1 Feb 2002 06:09:21 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Feb 01, 2002 at 07:37:03PM +0900, Ian Masters wrote:
> I'm having difficulty locating information on how this could be done or
> indeed if it's possible to send logging information to both postgreSQL and
> syslog in order to trip off something like Swatch.

swatch is alright, but you should really check out logsurfer. logsurfer
lets you open up contexts based on bits of text found in a message and then
capture related log lines in the same bucket; and then report it all at once.
A major win. (In fact, it's so good that I don't do realtime database
logging at all anymore; I just batch up my tcpdump format files and insert
them periodically)

Anyway, what you want looks something like this:
output log_tcpdump: snort.log
output alert_syslog: LOG_LOCAL6 LOG_NOTICE LOG_NDELAY
output database: alert, postgresql, dbname=snort host=bleah user=gonk password=blah encoding=hex detail=full


- -- 
Erik Fichtner
Security Administrator, ServerVault, Inc.
703-333-5900
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8WndgQ7EzrewLMS0RAkcyAKCM8rbjN7aLsUx9PcpqWzC4cqttbgCgjApB
/eF5CHIWGBC/PUxaInZJAFE=
=c2tN
-----END PGP SIGNATURE-----
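The reply above describes two things: Snort fanning alerts out to syslog alongside the database, and logsurfer-style contexts that bucket related log lines and report them all at once. The following is an added example, not code from the original post and not part of Snort or logsurfer: a small Python correlator that reads lines in the layout Snort's alert_syslog plugin emits, opens one context per source address, closes it after an idle window, and returns one summary per context. The sample log lines, rule SIDs and addresses are constructed for this example; the 60-second idle window is an assumption.

```python
import re
from datetime import datetime

# Constructed sample input in alert_syslog layout (addresses, SIDs and messages are made up).
# The sshd line is there to show that non-Snort lines are skipped rather than breaking parsing.
SAMPLE_LOG = """\
Feb  1 06:09:21 sensor snort[1234]: [1:1000001:1] CONSTRUCTED icmp probe [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.5 -> 192.168.1.10
Feb  1 06:09:22 sensor snort[1234]: [1:1000002:1] CONSTRUCTED snmp request [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 10.0.0.5:40123 -> 192.168.1.10:161
Feb  1 06:09:23 sensor snort[1234]: [1:1000003:1] CONSTRUCTED snmp agentx request [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 10.0.0.5:40124 -> 192.168.1.10:705
Feb  1 06:09:30 sensor sshd[999]: Accepted publickey for alice from 192.168.1.20 port 51222 ssh2
Feb  1 06:15:00 sensor snort[1234]: [1:1000001:1] CONSTRUCTED icmp probe [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.7 -> 192.168.1.10
"""

# One Snort syslog alert line: "[gid:sid:rev] msg [Classification: c] [Priority: p]: {PROTO} src[:port] -> dst[:port]"
LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) snort\[\d+\]: '
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) '
    r'\[Classification: (?P<cls>[^\]]*)\] \[Priority: (?P<pri>\d+)\]: '
    r'\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$'
)


def parse_alert(line):
    """Return a dict for a Snort alert line, or None for any other syslog line."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    alert = m.groupdict()
    # Syslog timestamps carry no year; strptime defaults to 1900, which is fine for deltas.
    alert["ts"] = datetime.strptime(alert["ts"], "%b %d %H:%M:%S")
    return alert


def correlate(lines, window_seconds=60):
    """Logsurfer-style contexts: one bucket per source address, closed after an idle window.

    Returns a list of per-context summaries in the order the contexts closed.
    """
    open_ctx = {}   # src address -> list of alerts collected so far
    reports = []

    def close(src):
        alerts = open_ctx.pop(src)
        reports.append({
            "src": src,
            "first": alerts[0]["ts"],
            "last": alerts[-1]["ts"],
            "count": len(alerts),
            "sids": sorted({a["sid"] for a in alerts}),
            "targets": sorted({a["dst"] for a in alerts}),
        })

    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue   # not a Snort alert (e.g. the sshd line); leave it to other rules
        # Close every context that has been idle longer than the window.
        for src in list(open_ctx):
            idle = (alert["ts"] - open_ctx[src][-1]["ts"]).total_seconds()
            if idle > window_seconds:
                close(src)
        open_ctx.setdefault(alert["src"], []).append(alert)

    # End of input: flush whatever is still open so nothing is lost.
    for src in list(open_ctx):
        close(src)
    return reports


def format_report(report):
    """One line per context, which is what you would hand to mail or a pager."""
    return "{src}: {count} alert(s) {first:%H:%M:%S}-{last:%H:%M:%S}, sids {sids}, targets {targets}".format(
        src=report["src"], count=report["count"], first=report["first"], last=report["last"],
        sids=",".join(report["sids"]), targets=",".join(report["targets"]))


if __name__ == "__main__":
    for r in correlate(SAMPLE_LOG.splitlines()):
        print(format_report(r))
```

Running it over the constructed sample produces two summaries instead of four separate alerts: the three probes from 10.0.0.5 within a few seconds collapse into one report, and the later probe from 10.0.0.7 gets its own, because the first context had been idle longer than the window by the time the second source appeared. With Snort configured as in the reply (alert_syslog on LOG_LOCAL6), pointing this at the corresponding syslog file gives the batched notification the original question was after, while the database plugin keeps the full detail for ACID.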

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
