Snort mailing list archives

RE: Snort-Swatch

From: "Keaton, Lindamaria" <LKeaton () unionsafe com>
Date: Thu, 25 Sep 2003 08:43:40 -0700

I'm having a difficult time installing logsurfer-1.5b. I just the
following command.
./configure --prefix=/usr/local --with-etcdir=/etc. Ok it looks like it
installing just find. But when I go look for the logsurfer.conf file in
/usr/local/etc or in /etc it's not there. Any ideas?

-----Original Message-----
From: Edin Dizdarevic [mailto:edin.dizdarevic () interActive-Systems de] 
Sent: Tuesday, September 23, 2003 12:46 PM
To: Keaton, Lindamaria
Cc: jon baer; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort-Swatch

Hi,

If you were using logsurfer I could drop you some appropriate
configuration rules. Do you have to use Swatch?

Regards,
Edin

Keaton, Lindamaria wrote:

/usr/bin/local/snort -c /etc/snort/snort.conf

[...]


Is anyone using swatch to email alerts?

If so, can someone tell me how to configure swatch to send entire 
content of an alert. Right now I'm getting alerts send but this is all

I'm getting in the body of the email.

TCP TTL:64 TOS:0x0 ID:33690 IpLen:20 DgmLen:1500 DF.

I would like to see source, destination, time, and what the actually 
alert is. Anyone have any ideas?




-- 
Edin Dizdarevic



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf _______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort-Swatch Keaton, Lindamaria (Sep 19)
- Re: Snort-Swatch jon baer (Sep 19)
- Re: Snort-Swatch Erek Adams (Sep 19)
- <Possible follow-ups>
- RE: Snort-Swatch Keaton, Lindamaria (Sep 23)
  - Re: Snort-Swatch Edin Dizdarevic (Sep 23)
- RE: Snort-Swatch Keaton, Lindamaria (Sep 23)
  - Re: Snort-Swatch Edin Dizdarevic (Sep 23)
- RE: Snort-Swatch Keaton, Lindamaria (Sep 25)
  - Re: Snort-Swatch Sir Fenix (Sep 25)
  - Re: Snort-Swatch Edin Dizdarevic (Sep 25)
- RE: Snort-Swatch Keaton, Lindamaria (Sep 25)
- RE: Snort-Swatch Keaton, Lindamaria (Sep 26)
  - Re: Snort-Swatch Edin Dizdarevic (Sep 27)
- RE: Snort-Swatch Keaton, Lindamaria (Sep 29)
  - Single Snort instance with multiple configurations (output) Jukka Juslin (Sep 30)
    - Re: Single Snort instance with multiple configurations (output) Matt Kettler (Sep 30)