Snort mailing list archives
Re: ACID email notification
From: Erik Fichtner <emf () servervault com>
Date: Fri, 1 Feb 2002 06:09:21 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Feb 01, 2002 at 07:37:03PM +0900, Ian Masters wrote:
> I'm having difficulty locating information on how this could be done or
> indeed if it's possible to send logging information to both postgreSQL and
> syslog in order to trip off something like Swatch.

swatch is alright, but you should really check out logsurfer. logsurfer lets
you open up contexts based on bits of text found in a message and then capture
related log lines in the same bucket; and then report it all at once. A major
win. (In fact, it's so good that I don't do realtime database logging at all
anymore; I just batch up my tcpdump format files and insert them periodically.)

Anyway, what you want looks something like this:

output log_tcpdump: snort.log
output alert_syslog: LOG_LOCAL6 LOG_NOTICE LOG_NDELAY
output database: alert, postgresql, dbname=snort host=bleah user=gonk password=blah encoding=hex detail=full

- --
Erik Fichtner
Security Administrator, ServerVault, Inc.
703-333-5900
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8WndgQ7EzrewLMS0RAkcyAKCM8rbjN7aLsUx9PcpqWzC4cqttbgCgjApB
/eF5CHIWGBC/PUxaInZJAFE=
=c2tN
-----END PGP SIGNATURE-----

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
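The post above recommends feeding Snort's alert_syslog output to a log watcher that opens a "context" on a matching line, collects related lines into the same bucket, and reports the bucket once instead of paging on every alert. The script below is an added illustration of that idea, written for this archive page; it is not logsurfer, not swatch, and not code from Erik Fichtner or the Snort project. It assumes the classic Snort syslog layout ("[gid:sid:rev] msg [Classification: ...] [Priority: n]: {PROTO} src:port -> dst:port") prefixed by syslogd's timestamp and hostname; the regex, the sample log lines, the 5-minute window, the 50-line limit, and the rule that priority-3 alerts are ignored are all constructed assumptions for the example.

```python
"""Batch Snort alert_syslog lines into per-source contexts and report each context
once (constructed example in the spirit of logsurfer; not logsurfer itself)."""
import re
from datetime import datetime, timedelta

# Assumed layout of one alert line after syslogd adds "<timestamp> <host> ".
ALERT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"snort(?:\[\d+\])?: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<pri>\d+)\]: "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

# Constructed sample input: four scan/attack alerts, one low-priority ping,
# and one unrelated sshd line that a real syslog facility would also carry.
SAMPLE_LOG = """\
Feb  1 06:01:02 sensor1 snort[1234]: [1:1000001:1] EXAMPLE SCAN probe [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 10.0.0.5:40001 -> 192.168.1.10:22
Feb  1 06:01:03 sensor1 snort[1234]: [1:1000001:1] EXAMPLE SCAN probe [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 10.0.0.5:40002 -> 192.168.1.11:22
Feb  1 06:01:04 sensor1 snort[1234]: [1:1000002:1] EXAMPLE ICMP ping [Classification: Misc activity] [Priority: 3]: {ICMP} 10.0.0.9 -> 192.168.1.10
Feb  1 06:01:05 sensor1 snort[1234]: [1:1000003:1] EXAMPLE WEB attack attempt [Classification: Web Application Attack] [Priority: 1]: {TCP} 10.0.0.7:51000 -> 192.168.1.20:80
Feb  1 06:09:00 sensor1 snort[1234]: [1:1000001:1] EXAMPLE SCAN probe [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 10.0.0.5:40003 -> 192.168.1.12:22
Feb  1 06:09:01 sensor1 sshd[77]: Accepted publickey for admin from 10.0.0.2 port 5000 ssh2
"""


def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line is not a Snort alert."""
    m = ALERT_RE.match(line.rstrip("\n"))
    if not m:
        return None
    d = m.groupdict()
    # syslog timestamps carry no year; strptime's default year is fine for deltas
    d["ts"] = datetime.strptime(d["ts"], "%b %d %H:%M:%S")
    d["pri"] = int(d["pri"])          # Snort priority: 1 is the most severe
    return d


class Context:
    """One open bucket of related alerts, keyed here by source address."""

    def __init__(self, key, first):
        self.key, self.opened, self.lines = key, first["ts"], [first]

    def report(self):
        """Summarise the bucket as a single record once it is closed."""
        return {
            "src": self.key,
            "count": len(self.lines),
            "sids": sorted({int(a["sid"]) for a in self.lines}),
            "targets": sorted({a["dst"] for a in self.lines}),
            "top_priority": min(a["pri"] for a in self.lines),
            "first": self.lines[0]["ts"],
            "last": self.lines[-1]["ts"],
        }


def batch_alerts(lines, timeout=timedelta(minutes=5), line_limit=50, ignore_priority=3):
    """Run lines through the context machine; return (reports, ignored, unparsed).

    A context opens on the first alert from a source, absorbs that source's later
    alerts, and is reported when it has been open longer than `timeout` (judged
    by the log's own timestamps) or holds `line_limit` lines.  Alerts at or below
    `ignore_priority` are dropped, as a log watcher's "ignore" rule would do.
    """
    open_ctx, reports, ignored, unparsed = {}, [], 0, 0
    for line in lines:
        a = parse_alert(line)
        if a is None:
            unparsed += 1
            continue
        if a["pri"] >= ignore_priority:
            ignored += 1
            continue
        # Expire every context whose window has run out relative to this line.
        for key in list(open_ctx):
            if a["ts"] - open_ctx[key].opened > timeout:
                reports.append(open_ctx.pop(key).report())
        ctx = open_ctx.get(a["src"])
        if ctx is None:
            ctx = open_ctx[a["src"]] = Context(a["src"], a)
        else:
            ctx.lines.append(a)
        if len(ctx.lines) >= line_limit:
            reports.append(open_ctx.pop(a["src"]).report())
    for key in list(open_ctx):          # end of input: flush whatever is still open
        reports.append(open_ctx.pop(key).report())
    return reports, ignored, unparsed


def format_report(r):
    """Render one closed context as the single notification line that gets sent."""
    return ("%s: %d alert(s) from %s, sids %s, targets %s, top priority %d, %s..%s"
            % (r["first"].strftime("%b %d %H:%M:%S"), r["count"], r["src"],
               r["sids"], r["targets"], r["top_priority"],
               r["first"].strftime("%H:%M:%S"), r["last"].strftime("%H:%M:%S")))


if __name__ == "__main__":
    reports, ignored, unparsed = batch_alerts(SAMPLE_LOG.splitlines())
    for r in reports:
        print(format_report(r))
    print("ignored=%d unparsed=%d" % (ignored, unparsed))
```

On the constructed sample the two early probes from 10.0.0.5 are reported as one record when the 06:09:00 line arrives past the window, the single priority-1 alert from 10.0.0.7 is reported at the same moment, the late probe opens a fresh context that is flushed at end of input, and the ping and the sshd line produce no notification at all. Keying on the source address is only one choice; grouping by signature id or by destination is a one-line change to the dictionary key.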
Current thread:
- ACID email notification Ian Masters (Feb 01)
- Re: ACID email notification Erik Fichtner (Feb 01)