Snort mailing list archives
RE: Snort, Windows 2000 - running external program on alert.
From: "Sylar, John" <JSylar () erac com>
Date: Fri, 20 Dec 2002 13:38:33 -0600
Kiwi will do that.... -----Original Message----- From: Don [mailto:Don () WeberOnTheWeb com] Sent: Friday, December 20, 2002 1:22 PM To: Hicks, John; 'Brian Strickland'; Snort Users (E-mail) Subject: RE: [Snort-users] Snort, Windows 2000 - running external program on alert. I'm trying to do something similar, would like to tail the syslog file looking for specific keywords and cause an action based on the findings, do you know of a prog that can do the likes of the tail -f *nix command in a win32 environment. for instance i have a nix .pl file that looks for certain messages and can modify ipf to block offending IP's, yet i havent found a way to do this on win32 yet. I havent found anything that can tail the syslog and look for 'keywords', the perl file-tail doesnt work in win32 version of perl, it requires a specific module that has not been ported to win32. any other ideas that anyone might have? don
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Hicks, John Sent: Friday, December 20, 2002 9:57 AM To: 'Brian Strickland'; Snort Users (E-mail) Subject: RE: [Snort-users] Snort, Windows 2000 - running external program on alert. IDSCenter has built-in email functionality, but not 'any' program. If you're looking for run x if y is found, try doing it via syslog output. hth, John -----Original Message----- From: Brian Strickland [mailto:brians () south-com com] Sent: Friday, December 20, 2002 12:35 PM To: 'snort-users () lists sourceforge net' Subject: [Snort-users] Snort, Windows 2000 - running external program on alert. is there a way directly from snort to run an external program when an alert is generated or indirectly (reviewing log file or sql database) to run an external program when a alert occurs. Like send an email, pager program, etc. Brian Strickland ------------------------------------------------------- This SF.NET email is sponsored by: The Best Geek Holiday Gifts! Time is running out! Thinkgeek.com has the coolest gifts for your favorite geek. Let your fingers do the typing. Visit Now. T H I N K G E E K . C O M http://www.thinkgeek.com/sf/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.NET email is sponsored by: The Best Geek Holiday Gifts! Time is running out! Thinkgeek.com has the coolest gifts for your favorite geek. Let your fingers do the typing. Visit Now. T H I N K G E E K . C O M http://www.thinkgeek.com/sf/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.NET email is sponsored by: The Best Geek Holiday Gifts! Time is running out! Thinkgeek.com has the coolest gifts for your favorite geek. Let your fingers do the typing. Visit Now. T H I N K G E E K . C O M http://www.thinkgeek.com/sf/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.NET email is sponsored by: The Best Geek Holiday Gifts! Time is running out! Thinkgeek.com has the coolest gifts for your favorite geek. Let your fingers do the typing. Visit Now. T H I N K G E E K . C O M http://www.thinkgeek.com/sf/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Snort, Windows 2000 - running external program on alert. Hicks, John (Dec 20)
- Re: Snort, Windows 2000 - running external program on alert. Ueli Kistler (Dec 20)
- RE: Snort, Windows 2000 - running external program on alert. Don (Dec 20)
- <Possible follow-ups>
- RE: Snort, Windows 2000 - running external program on alert. Hicks, John (Dec 20)
- RE: Snort, Windows 2000 - running external program on alert. Sylar, John (Dec 20)
- RE: Snort, Windows 2000 - running external program on alert. Tom Sevy (Dec 20)