Snort mailing list archives
alert notification mechanisms
From: Ken Gunderson <kgunders () teamcool net>
Date: Thu, 20 Feb 2003 11:57:36 -0700
Greets:

I'm curious about the experiences of others utilizing various alert notification systems on Unix platforms. I like to log to use ACID, but would also like some automated notification. It seems there are two basic strategies for this: write alerts to logs and do some regexp post-processing with the likes of swatch or logsurfer, or pipe alerts through syslogd.

I've defaulted to swatch in the past, but am interested in exploring more modern options, especially since the most recent release of swatch sports the throttle bug. Logsurfer can get kind of fat on the resources and get complex in a hurry. The syslogd approach makes it easy to mail/exec on various triggers, but doesn't support throttling, so you end up turning to syslogd replacements like syslog-ng or msyslog. The msyslog approach looks like it could have some interesting potential, since you can chain together various processing modules like regexp, classic, mysql, etc., and it basically follows the syntax of existing syslog. I am reluctant to replace something as sensitive as syslogd on a security-sensitive application, however, particularly since OpenBSD, the platform it was developed on, doesn't even sport it in its ports collection....

Any thoughts/experiences you fellow Unix geeks would like to share? Thanks bunches.

-- 
Best regards,

Ken Gunderson
PGP Key-- 9F5179FD

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania.
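As an added illustration of the "regexp post-processing with throttling" approach discussed above (example code written for this archive page, not from the thread or from swatch, logsurfer or msyslog): a small Python watcher that parses Snort alert_fast lines, keeps only high-priority alerts, and permits one notification per (signature, source) inside a 60-second sliding window. The log sample is constructed, the alert_fast layout is approximated from Snort 2.x, and the year is an assumption because the stamps carry none.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# One line of Snort's alert_fast output (format approximated from Snort 2.x; the stamp has no year).
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)"
)

# Constructed sample, not captured traffic: one repeating alert, one low-priority scan, one junk line.
SAMPLE_LOG = """\
02/20-11:57:36.000000  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.0.0.5:1434 -> 192.168.1.10:1434
02/20-11:57:40.000000  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.0.0.5:1434 -> 192.168.1.11:1434
02/20-11:57:50.000000  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.0.0.6:1434 -> 192.168.1.10:1434
02/20-11:58:10.000000  [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 3] {ICMP} 10.0.0.7 -> 192.168.1.10
this line is not a Snort alert and must be skipped rather than crash the watcher
02/20-11:58:45.000000  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.0.0.5:1434 -> 192.168.1.12:1434
"""

def parse_alert(line, year=2003):
    """Parse one alert_fast line into a dict, or return None for lines that do not match."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(f"{year}/{d['ts']}", "%Y/%m/%d-%H:%M:%S.%f")  # year is assumed
    d["prio"] = int(d["prio"])
    return d

def notifications(lines, max_priority=2, window=60, limit=1):
    """Alerts that would be mailed out: priority 1..max_priority (1 is most severe in Snort),
    at most `limit` per (sid, source) inside a sliding window of `window` seconds."""
    recent = defaultdict(deque)            # (sid, src) -> timestamps of notified hits
    out = []
    for line in lines:
        a = parse_alert(line)
        if a is None or a["prio"] > max_priority:
            continue
        q = recent[(a["sid"], a["src"])]
        while q and (a["ts"] - q[0]).total_seconds() > window:
            q.popleft()                    # drop hits that fell out of the window
        if len(q) >= limit:
            continue                       # throttled: quota for this key already spent
        q.append(a["ts"])
        out.append((a["ts"].strftime("%H:%M:%S"), a["sid"], a["src"], a["msg"]))
    return out

for n in notifications(SAMPLE_LOG.splitlines()):
    print("NOTIFY", *n)                    # a real watcher would mail/exec here instead
```

Of the six sample lines, three produce a notification: the second worm hit from 10.0.0.5 is throttled, the priority-3 scan is filtered, the junk line is ignored, and the hit 69 seconds later passes because the window has rolled over.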