Snort mailing list archives
Re: snort email alert
From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 23 May 2002 11:35:14 -0400
Well, I admit up front that I do not understand what exactly you are looking for, since I do not understand your question very well. So what follows is merely an educated guess of what might answer your question.
At any rate, swatch, logwatch and similar tools are "log watchers". They watch a logfile on disk, periodically scanning the latest information in it, and triggering various programs to be run if certain text strings appear in the log.
Swatch can watch a syslog file, or any other logfile you want, like the text mode snort alerts file.
So something along the lines of "swatch -t /home/snort/var/log/snort/alert" is probably a good start, depending on where you run snort from and where your alert file is. (yes I am paranoid, yes I do chroot my snort daemon, no that's not where I chroot it to)
For your swatch configuration you might want something as simple as this:

    /WEB-IIS cmd.exe access/    exec="echo 'IIS cmd.exe' | mail me@somewhere.com"
You can get a lot more elaborate, but I personally don't use this kind of setup, so if you want something more detailed, you might want to ask a more specific question to the list and let someone else answer it.
At 10:20 AM 5/23/2002 -0400, Math wrote:
I've not found a good clear explanation of how to install a mail alert if my computer is scanned, using snort. I got swatch and I think I can configure it in my syslog to alert me. Can anybody refer me to a good clear site or explain to me how I can configure it to get different kinds of email alerts?
ulaval student Canada
Math
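The log-watcher idea described in the reply above (scan the snort alert file, act when a known string appears), as an added example that is not part of the original post and is not swatch's own code. It assumes snort's one-line "fast" alert layout; the rule table, the 5-minute throttle, the `scan` function and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime
from email.message import EmailMessage

# Hypothetical rule table: regex on the alert message -> mail subject tag.
RULES = [(re.compile(r"WEB-IIS cmd\.exe access"), "IIS cmd.exe")]
THROTTLE_SECONDS = 300  # assumed policy: one mail per rule and source per 5 minutes

# Constructed sample lines in snort's one-line "fast" alert layout (not real traffic).
SAMPLE = """\
05/23-11:35:14.100000  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 192.0.2.10:3127 -> 198.51.100.5:80
05/23-11:35:20.200000  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 192.0.2.10:3128 -> 198.51.100.5:80
05/23-11:36:00.000000  [**] [1:469:1] ICMP PING NMAP [**] [Priority: 2] {ICMP} 192.0.2.77 -> 198.51.100.5
05/23-11:41:00.000000  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 192.0.2.10:3140 -> 198.51.100.5:80
05/23-11:41:05.000000  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 203.0.113.9:4001 -> 198.51.100.5:80
"""

ALERT = re.compile(r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[[\d:]+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
                   r".*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->")

def scan(lines, recipient, last_sent=None, year=2002):
    """Return one EmailMessage per matching alert, throttled per (rule, source IP).

    last_sent carries throttle state between calls; the year is passed in
    because the fast alert timestamp has no year field.
    """
    last_sent = {} if last_sent is None else last_sent
    mails = []
    for line in lines:
        m = ALERT.match(line)
        if not m:
            continue  # banner lines, blank lines, other layouts
        when = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
        for pattern, tag in RULES:
            if not pattern.search(m["msg"]):
                continue
            key = (tag, m["src"])
            seen = last_sent.get(key)
            if seen and (when - seen).total_seconds() < THROTTLE_SECONDS:
                continue  # same rule, same source, still inside the window
            last_sent[key] = when
            mail = EmailMessage()  # built as an object, never through a shell string
            mail["To"] = recipient
            mail["Subject"] = f"snort: {tag} from {m['src']}"
            mail.set_content(line)
            mails.append(mail)
    return mails

if __name__ == "__main__":
    for mail in scan(SAMPLE.splitlines(), "me@somewhere.com"):
        print(mail["Subject"])  # deliver with smtplib.SMTP("localhost").send_message(mail)
```
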