Snort mailing list archives
Re: Email alerts
From: Erek Adams <erek () snort org>
Date: Tue, 8 Apr 2003 08:57:19 -0500 (EST)
On Mon, 7 Apr 2003, Matt Kettler wrote:
Read the fine FAQ for the basic suggestion: http://www.snort.org/docs/faq.html#5.7

In a bit more detail, swatch/logcheck are tools which search logs for various substrings and run external scripts when they find those strings. You should be able to use the priority field as a part of your search condition.

Swatch has a homepage here: http://swatch.sourceforge.net/
And to add to what Matt said: Have a look at this [0]. It's a swatch.conf file that Jason Haar put together as an example of 'emailing alerts'.

Cheers!

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson

[0] http://www.theadamsfamily.net/~erek/snort/snort-swatch.conf.txt
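The approach described in this thread (match the priority field in Snort alert lines, then trigger a mail) as an added Python example; it is not part of the original messages and is not Jason Haar's swatch.conf. The log lines, addresses and function names are constructed for illustration, and the per-signature de-duplication is a simplified stand-in for time-based throttling.

```python
import re
from email.message import EmailMessage

# Constructed sample lines (fast-alert and syslog style); not taken from the thread.
SAMPLE = [
    "04/08-08:57:19.123456  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.10 -> 198.51.100.5",
    "Apr  8 08:57:20 ids snort: [1:1002:2] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.77:3345 -> 198.51.100.5:80",
    "Apr  8 08:57:21 ids snort: [1:1002:2] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.77:3346 -> 198.51.100.5:80",
    "Apr  8 08:57:22 ids sshd[411]: Accepted publickey for admin",
]

# Signature id, message text and the "[Priority: N]" field (1 = most severe).
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+(?:\[\*\*\]\s+)?"
    r"(?:\[Classification: [^\]]+\]\s+)?\[Priority: (?P<prio>\d+)\]"
)

def select_alerts(lines, max_priority=1, throttle=True):
    """Return alerts with priority <= max_priority; with throttle, one hit per signature."""
    seen, hits = set(), []
    for line in lines:
        m = ALERT_RE.search(line)
        if not m or int(m["prio"]) > max_priority:
            continue  # not a Snort alert, or less severe than the threshold
        key = (m["gid"], m["sid"])
        if throttle and key in seen:
            continue  # same signature already reported in this batch
        seen.add(key)
        hits.append({"sid": f'{m["gid"]}:{m["sid"]}:{m["rev"]}', "msg": m["msg"],
                     "priority": int(m["prio"]), "raw": line.strip()})
    return hits

def build_mail(alert, sender, recipient):
    """Compose (not send) the notification for one alert."""
    mail = EmailMessage()
    mail["From"], mail["To"] = sender, recipient
    # Log content is untrusted: drop CR/LF before it goes into a header.
    subject = re.sub(r"[\r\n]+", " ", alert["msg"])
    mail["Subject"] = f'Snort priority {alert["priority"]}: {subject}'
    mail.set_content(alert["raw"] + "\n")
    return mail

if __name__ == "__main__":
    for hit in select_alerts(SAMPLE):
        print(build_mail(hit, "snort@ids.example", "soc@example.org"))
```

To deliver the message, pass the returned object to `smtplib.SMTP("localhost").send_message()` on a host with a local mail relay.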
Current thread:
- Email alerts Sudhakar Gummadi (Apr 07)
- <Possible follow-ups>
- Re: Email alerts Matt Kettler (Apr 07)
- Re: Email alerts Erek Adams (Apr 08)